From sle-updates at lists.suse.com Mon Oct 2 08:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:02 -0000
Subject: SUSE-SU-2023:3929-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
Message-ID: <169623540216.15232.10717735976293037026@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:3929-1
Rating: important
References:

* #1214123

Cross-References:

* CVE-2023-4273

CVSS scores:

* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_19 fixes one issue.

The following security issue was fixed:

* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3929=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3929=1
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-3932=1
* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3932=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_16-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_81-default-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_16-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_81-default-2-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_19-default-2-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-2-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_3-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_19-default-2-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-2-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_3-debugsource-2-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214123

From sle-updates at lists.suse.com Mon Oct 2 08:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:05 -0000
Subject: SUSE-SU-2023:3924-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)
Message-ID: <169623540524.15232.5345123418674822411@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:3924-1
Rating: important
References:

* #1213587
* #1214123
* #1215119

Cross-References:

* CVE-2023-3609
* CVE-2023-3776
* CVE-2023-4273

CVSS scores:

* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_12 fixes several issues.

The following security issues were fixed:

* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3924=1
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-3930=1
* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3930=1
* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3924=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-3-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_15-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-3-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_2-debugsource-3-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-3-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_2-debugsource-3-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-3-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_15-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213587
* https://bugzilla.suse.com/show_bug.cgi?id=1214123
* https://bugzilla.suse.com/show_bug.cgi?id=1215119

From sle-updates at lists.suse.com Mon Oct 2 08:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:08 -0000
Subject: SUSE-SU-2023:3923-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)
Message-ID: <169623540827.15232.2644190979886147345@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)

Announcement ID: SUSE-SU-2023:3923-1
Rating: important
References:

* #1213064
* #1213587
* #1214123
* #1215119

Cross-References:

* CVE-2023-31248
* CVE-2023-3609
* CVE-2023-3776
* CVE-2023-4273

CVSS scores:

* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues.

The following security issues were fixed:

* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
* CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3923=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3923=1
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-3926=1
* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3926=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_69-default-3-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_14-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_69-default-3-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_14-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-3-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-3-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_7-default-3-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_1-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-3-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_7-default-3-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_1-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213064
* https://bugzilla.suse.com/show_bug.cgi?id=1213587
* https://bugzilla.suse.com/show_bug.cgi?id=1214123
* https://bugzilla.suse.com/show_bug.cgi?id=1215119

From sle-updates at lists.suse.com Mon Oct 2 08:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:11 -0000
Subject: SUSE-SU-2023:3922-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4)
Message-ID: <169623541165.15232.17292658674785676791@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:3922-1
Rating: important
References:

* #1210619
* #1213064
* #1213587
* #1214123
* #1215119

Cross-References:

* CVE-2023-1829
* CVE-2023-31248
* CVE-2023-3609
* CVE-2023-3776
* CVE-2023-4273

CVSS scores:

* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_66 fixes several issues.

The following security issues were fixed:

* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
* CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3922=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3922=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-4-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_66-default-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_13-debugsource-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-4-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_66-default-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_13-debugsource-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1213064
* https://bugzilla.suse.com/show_bug.cgi?id=1213587
* https://bugzilla.suse.com/show_bug.cgi?id=1214123
* https://bugzilla.suse.com/show_bug.cgi?id=1215119

From sle-updates at lists.suse.com Mon Oct 2 08:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:14 -0000
Subject: SUSE-SU-2023:3912-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3)
Message-ID: <169623541422.15232.3629449657641836848@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:3912-1
Rating: important
References:

* #1210619
* #1214123

Cross-References:

* CVE-2023-1829
* CVE-2023-4273

CVSS scores:

* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_130 fixes several issues.

The following security issues were fixed:

* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3912=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_130-default-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1214123

From sle-updates at lists.suse.com Mon Oct 2 08:30:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:17 -0000
Subject: SUSE-SU-2023:3928-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3)
Message-ID: <169623541742.15232.16464243738212248021@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:3928-1
Rating: important
References:

* #1210619
* #1213064
* #1213587
* #1213706
* #1214123
* #1215119

Cross-References:

* CVE-2023-1829
* CVE-2023-31248
* CVE-2023-3609
* CVE-2023-3776
* CVE-2023-3812
* CVE-2023-4273

CVSS scores:

* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_101 fixes several issues.

The following security issues were fixed:

* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214123).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
* CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3908=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3905=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3927=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3909=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3910=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3911=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3928=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3904=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3931=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3906=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-3907=1
* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3913=1 SUSE-2023-3914=1 SUSE-2023-3915=1 SUSE-2023-3916=1 SUSE-2023-3917=1 SUSE-2023-3918=1 SUSE-2023-3919=1 SUSE-2023-3920=1 SUSE-2023-3921=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3913=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3914=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3915=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3916=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3917=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3918=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3919=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3920=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-3921=1
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2023-3925=1
* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3925=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_106-default-9-150300.2.2
    * kernel-livepatch-5_3_18-150300_59_112-default-8-150300.2.2
    * kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_118-default-6-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_109-default-9-150300.2.2
    * kernel-livepatch-5_3_18-150300_59_127-default-3-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_124-default-4-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_121-default-6-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_101-default-11-150300.2.2
    * kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2
    * kernel-livepatch-5_3_18-150300_59_98-default-12-150300.2.2
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-12-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_3-debugsource-14-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-10-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_55-default-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-14-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_11-debugsource-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_60-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-8-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_46-default-8-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_10-debugsource-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_12-debugsource-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_7-debugsource-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_41-default-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_8-debugsource-8-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_6-debugsource-10-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_4-debugsource-12-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-11-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_38-default-10-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_5-debugsource-11-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-12-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_3-debugsource-14-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-10-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_55-default-7-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-14-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_11-debugsource-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_63-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_60-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-8-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_46-default-8-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_10-debugsource-7-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_12-debugsource-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_7-debugsource-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_41-default-9-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_8-debugsource-8-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_6-debugsource-10-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_4-debugsource-12-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-11-150400.2.2
    * kernel-livepatch-5_14_21-150400_24_38-default-10-150400.2.2
    * kernel-livepatch-SLE15-SP4_Update_5-debugsource-11-150400.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2
    * kernel-livepatch-SLE15-SP5_Update_0-debugsource-4-150500.9.2
    * kernel-livepatch-5_14_21-150500_53-default-debuginfo-4-150500.9.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2
    * kernel-livepatch-SLE15-SP5_Update_0-debugsource-4-150500.9.2
    * kernel-livepatch-5_14_21-150500_53-default-debuginfo-4-150500.9.2

## References:

* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1213064
* https://bugzilla.suse.com/show_bug.cgi?id=1213587
* https://bugzilla.suse.com/show_bug.cgi?id=1213706
* https://bugzilla.suse.com/show_bug.cgi?id=1214123
* https://bugzilla.suse.com/show_bug.cgi?id=1215119

From sle-updates at lists.suse.com Mon Oct 2 08:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 08:30:20 -0000
Subject: SUSE-SU-2023:3933-1: important: Security update for python
Message-ID: <169623542013.15232.13745144098620611123@smelt2.prg2.suse.org>

# Security update for python

Announcement ID: SUSE-SU-2023:3933-1
Rating: important
References:

* #1214692

Cross-References:

* CVE-2023-40217

CVSS scores:

* CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python fixes the following issues:

* CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3933=1
* openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3933=1
* SUSE Package Hub 15 15-SP4
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3933=1
* SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3933=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3933=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3933=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3933=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3933=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3933=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3933=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3933=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3933=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3933=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3933=1
* SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3933=1
* SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3933=1
* SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3933=1
* SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-3933=1
* SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-idle-2.7.18-150000.54.1 * python-demo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * openSUSE Leap 15.4 (x86_64) * python-32bit-debuginfo-2.7.18-150000.54.1 * python-base-32bit-debuginfo-2.7.18-150000.54.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.54.1 * libpython2_7-1_0-32bit-2.7.18-150000.54.1 * python-base-32bit-2.7.18-150000.54.1 * python-32bit-2.7.18-150000.54.1 * openSUSE Leap 15.4 (noarch) * python-doc-2.7.18-150000.54.1 * python-doc-pdf-2.7.18-150000.54.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-idle-2.7.18-150000.54.1 * python-demo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * openSUSE Leap 15.5 (x86_64) * 
python-32bit-debuginfo-2.7.18-150000.54.1 * python-base-32bit-debuginfo-2.7.18-150000.54.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.54.1 * libpython2_7-1_0-32bit-2.7.18-150000.54.1 * python-base-32bit-2.7.18-150000.54.1 * python-32bit-2.7.18-150000.54.1 * openSUSE Leap 15.5 (noarch) * python-doc-2.7.18-150000.54.1 * python-doc-pdf-2.7.18-150000.54.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python-base-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 
x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * 
libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * 
python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE Manager Proxy 4.2 (x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * 
libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1 * SUSE CaaS Platform 4.0 (x86_64) * python-base-2.7.18-150000.54.1 * python-debugsource-2.7.18-150000.54.1 * python-devel-2.7.18-150000.54.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.54.1 * python-curses-debuginfo-2.7.18-150000.54.1 
* python-2.7.18-150000.54.1 * libpython2_7-1_0-2.7.18-150000.54.1 * python-base-debuginfo-2.7.18-150000.54.1 * python-curses-2.7.18-150000.54.1 * python-xml-2.7.18-150000.54.1 * python-xml-debuginfo-2.7.18-150000.54.1 * python-gdbm-debuginfo-2.7.18-150000.54.1 * python-debuginfo-2.7.18-150000.54.1 * python-tk-debuginfo-2.7.18-150000.54.1 * python-base-debugsource-2.7.18-150000.54.1 * python-gdbm-2.7.18-150000.54.1 * python-tk-2.7.18-150000.54.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40217.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214692

From sle-updates at lists.suse.com Mon Oct 2 12:30:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 02 Oct 2023 12:30:42 -0000
Subject: SUSE-SU-2023:3934-1: important: Security update for bind
Message-ID: <169624984246.4983.11216196650065931525@smelt2.prg2.suse.org>

# Security update for bind

Announcement ID: SUSE-SU-2023:3934-1
Rating: important
References:

* #1213748
* #1215472
* PED-4852
* PED-4853

Cross-References:

* CVE-2023-3341

CVSS scores:

* CVE-2023-3341 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3341 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability, contains two features and has one security fix can now be installed.

## Description:

This update for bind fixes the following issues:

Security fixes:

* CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472).

Other fixes:

* Add `dnstap` support (jsc#PED-4853, jsc#PED-4852, bsc#1213748)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3934=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3934=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3934=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3934=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3934=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3934=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3934=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3934=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1
* libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 
* libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Manager Proxy 4.2 (x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * 
bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Manager Proxy 4.2 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * 
libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Manager Server 4.2 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libisccfg1600-debuginfo-9.16.6-150300.22.41.1 * libirs-devel-9.16.6-150300.22.41.1 * libirs1601-debuginfo-9.16.6-150300.22.41.1 * libisc1606-9.16.6-150300.22.41.1 * bind-debugsource-9.16.6-150300.22.41.1 * libisccc1600-9.16.6-150300.22.41.1 * bind-debuginfo-9.16.6-150300.22.41.1 * libns1604-debuginfo-9.16.6-150300.22.41.1 * libdns1605-debuginfo-9.16.6-150300.22.41.1 * libbind9-1600-9.16.6-150300.22.41.1 * libbind9-1600-debuginfo-9.16.6-150300.22.41.1 * libns1604-9.16.6-150300.22.41.1 * bind-9.16.6-150300.22.41.1 * libirs1601-9.16.6-150300.22.41.1 * bind-utils-debuginfo-9.16.6-150300.22.41.1 * libdns1605-9.16.6-150300.22.41.1 * bind-utils-9.16.6-150300.22.41.1 * libisccfg1600-9.16.6-150300.22.41.1 * libisc1606-debuginfo-9.16.6-150300.22.41.1 * libisccc1600-debuginfo-9.16.6-150300.22.41.1 * bind-chrootenv-9.16.6-150300.22.41.1 * bind-devel-9.16.6-150300.22.41.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-bind-9.16.6-150300.22.41.1 * bind-doc-9.16.6-150300.22.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3341.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1213748 * https://bugzilla.suse.com/show_bug.cgi?id=1215472 * https://jira.suse.com/browse/PED-4852 * https://jira.suse.com/browse/PED-4853

From sle-updates at lists.suse.com Tue Oct 3 07:02:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Oct 2023 09:02:09 +0200 (CEST)
Subject: SUSE-IU-2023:704-1: Security update of suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2
Message-ID: <20231003070209.5DED0F46C@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:704-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2:20230928
Image Release :
Severity : important
Type : security
References : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608 1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797 1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910 1213120 1213127 1213229 1213240 1213500 1213582 1214006 1214052 1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535 1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474 CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615 CVE-2023-40217 CVE-2023-4039 CVE-2023-4504
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released: Tue Sep 5 08:56:45 2023
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: moderate
References: 1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released: Tue Sep 5 15:00:27 2023
Summary: Security update for docker
Type: security
Severity: moderate
References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842

This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229
- Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500
- Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package.
- was rebuilt against current GO compiler.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3538-1
Released: Tue Sep 5 16:37:14 2023
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1214081

This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released: Wed Sep 6 08:27:22 2023
Summary: Recommended update for protobuf-c
Type: recommended
Severity: moderate
References: 1214006

This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released: Mon Sep 11 15:04:01 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: low
References: 1209998

This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Type: recommended
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140

This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released: Mon Sep 18 21:49:09 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: important
References: 1215064

This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default' argument (bsc#1215064)
- skip warning about unsupported options when in compat mode

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released: Wed Sep 20 11:02:50 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3707-1
Released: Wed Sep 20 17:12:03 2023
Summary: Security update for cups
Type: security
Severity: important
References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504

This update for cups fixes the following issues:

- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3737-1
Released: Fri Sep 22 20:31:25 2023
Summary: Security update for bind
Type: security
Severity: important
References: 1215472,CVE-2023-3341

This update for bind fixes the following issues:

Update to release 9.16.44:

- CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3780-1
Released: Tue Sep 26 10:58:21 2023
Summary: Recommended update hidapi
Type: recommended
Severity: moderate
References: 1214535

This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.

----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). 
Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. 
(bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3832-1 Released: Wed Sep 27 19:15:53 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3856-1 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.9.1 updated - apparmor-parser-3.0.4-150400.5.9.1 updated - bind-utils-9.16.44-150400.5.37.2 updated - containerd-ctr-1.6.21-150000.95.1 updated - containerd-1.6.21-150000.95.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - cups-config-2.2.7-150000.3.51.2 updated - curl-8.0.1-150400.5.29.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated - glibc-locale-base-2.31-150300.58.1 updated - glibc-locale-2.31-150300.58.1 updated - glibc-2.31-150300.58.1 updated - kernel-default-5.14.21-150400.24.84.1 updated - libapparmor1-3.0.4-150400.5.9.1 updated - libcups2-2.2.7-150000.3.51.2 updated - libcurl4-8.0.1-150400.5.29.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libhidapi-hidraw0-0.10.1-150300.3.2.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.51.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - perl-Bootloader-0.945-150400.3.9.1 updated - python3-base-3.6.15-150300.10.51.1 updated - python3-bind-9.16.44-150400.5.37.2 updated - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-3.6.15-150300.10.51.1 updated - supportutils-3.1.26-150300.7.35.21.1 updated - suse-build-key-12.0-150000.8.34.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - xen-libs-4.16.5_04-150400.4.34.1 updated - 
sysfsutils-2.1.0-3.3.1 removed From sle-updates at lists.suse.com Tue Oct 3 07:02:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2023 09:02:23 +0200 (CEST) Subject: SUSE-IU-2023:705-1: Security update of suse-sles-15-sp4-chost-byos-v20230928-hvm-ssd-x86_64 Message-ID: <20231003070223.6967CF46C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230928-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:705-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230928-hvm-ssd-x86_64:20230928 Image Release : Severity : important Type : security References : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608 1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797 1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910 1213120 1213127 1213229 1213240 1213500 1213582 1214006 1214052 1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535 1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474 CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615 CVE-2023-40217 CVE-2023-4039 CVE-2023-4504 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230928-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3538-1 Released: Tue Sep 5 16:37:14 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3737-1 Released: Fri Sep 22 20:31:25 2023 Summary: Security update for bind Type: security Severity: important References: 1215472,CVE-2023-3341 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate References: 1214535 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). 
Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. 
(bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3832-1 Released: Wed Sep 27 19:15:53 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3856-1 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.9.1 updated - apparmor-parser-3.0.4-150400.5.9.1 updated - bind-utils-9.16.44-150400.5.37.2 updated - containerd-ctr-1.6.21-150000.95.1 updated - containerd-1.6.21-150000.95.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - cups-config-2.2.7-150000.3.51.2 updated - curl-8.0.1-150400.5.29.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated - glibc-locale-base-2.31-150300.58.1 updated - glibc-locale-2.31-150300.58.1 updated - glibc-2.31-150300.58.1 updated - kernel-default-5.14.21-150400.24.84.1 updated - libapparmor1-3.0.4-150400.5.9.1 updated - libcups2-2.2.7-150000.3.51.2 updated - libcurl4-8.0.1-150400.5.29.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libhidapi-hidraw0-0.10.1-150300.3.2.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.51.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - perl-Bootloader-0.945-150400.3.9.1 updated - python3-base-3.6.15-150300.10.51.1 updated - python3-bind-9.16.44-150400.5.37.2 updated - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-3.6.15-150300.10.51.1 updated - supportutils-3.1.26-150300.7.35.21.1 updated - suse-build-key-12.0-150000.8.34.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - xen-libs-4.16.5_04-150400.4.34.1 updated - 
xen-tools-domU-4.16.5_04-150400.4.34.1 updated - sysfsutils-2.1.0-3.3.1 removed From sle-updates at lists.suse.com Tue Oct 3 07:02:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2023 09:02:42 +0200 (CEST) Subject: SUSE-IU-2023:706-1: Security update of sles-15-sp4-chost-byos-v20230928-arm64 Message-ID: <20231003070242.31B3AF46C@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230928-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:706-1 Image Tags : sles-15-sp4-chost-byos-v20230928-arm64:20230928 Image Release : Severity : important Type : security References : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608 1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797 1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910 1213120 1213127 1213229 1213240 1213500 1213582 1213762 1214006 1214052 1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535 1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474 CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615 CVE-2023-40217 CVE-2023-4039 CVE-2023-4504 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230928-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3538-1 Released: Tue Sep 5 16:37:14 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low References: 1209998 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. 
(bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3737-1 Released: Fri Sep 22 20:31:25 2023 Summary: Security update for bind Type: security Severity: important References: 1215472,CVE-2023-3341 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate References: 1214535 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). 
Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. 
(bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3832-1 Released: Wed Sep 27 19:15:53 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3855-1 Released: Thu Sep 28 09:39:21 2023 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1213762 This update for nvme-cli fixes the following issues: - Update to version 2.0+48.gbd004e - Fix segfault converting NULL to JSON string (bsc#1213762) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3856-1 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.9.1 updated - apparmor-parser-3.0.4-150400.5.9.1 updated - bind-utils-9.16.44-150400.5.37.2 updated - containerd-ctr-1.6.21-150000.95.1 updated - containerd-1.6.21-150000.95.1 updated - crypto-policies-20210917.c9d86d1-150400.3.3.1 updated - cups-config-2.2.7-150000.3.51.2 updated - curl-8.0.1-150400.5.29.1 updated - docker-24.0.5_ce-150000.185.1 updated - dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated - glibc-locale-base-2.31-150300.58.1 updated - glibc-locale-2.31-150300.58.1 updated - glibc-2.31-150300.58.1 updated - kernel-default-5.14.21-150400.24.84.1 updated - libapparmor1-3.0.4-150400.5.9.1 updated - libcups2-2.2.7-150000.3.51.2 updated - libcurl4-8.0.1-150400.5.29.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libhidapi-hidraw0-0.10.1-150300.3.2.1 updated - libprotobuf-c1-1.3.2-150200.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.51.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - 
nvme-cli-2.0+48.gbd004e-150400.3.24.1 updated - perl-Bootloader-0.945-150400.3.9.1 updated - python3-base-3.6.15-150300.10.51.1 updated - python3-bind-9.16.44-150400.5.37.2 updated - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-3.6.15-150300.10.51.1 updated - supportutils-3.1.26-150300.7.35.21.1 updated - suse-build-key-12.0-150000.8.34.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - xen-libs-4.16.5_04-150400.4.34.1 updated - sysfsutils-2.1.0-3.3.1 removed From sle-updates at lists.suse.com Tue Oct 3 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Oct 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:3220-1: Recommended update of bci/golang Message-ID: <20231003070631.0B10BF46C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3220-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.2 Container Release : 7.2 Severity : moderate Type : recommended References : 1173407 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. 
(bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) The following package changes have been 
done: - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added From sle-updates at lists.suse.com Tue Oct 3 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:3939-1: important: Security update for python3 Message-ID: <169633620242.7406.13235691578561295342@smelt2.prg2.suse.org> # Security update for python3 Announcement ID: SUSE-SU-2023:3939-1 Rating: important References: * #1214692 * #1214693 Cross-References: * CVE-2023-40217 * CVE-2023-41105 CVSS scores: * CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-41105 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-41105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * Web and Scripting Module 12 An update that solves two vulnerabilities can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). 
* CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-3939=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3939=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3939=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3939=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3939=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * python3-debugsource-3.4.10-25.116.1 * libpython3_4m1_0-3.4.10-25.116.1 * python3-debuginfo-3.4.10-25.116.1 * python3-base-debugsource-3.4.10-25.116.1 * python3-base-debuginfo-3.4.10-25.116.1 * python3-curses-3.4.10-25.116.1 * python3-3.4.10-25.116.1 * python3-base-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * python3-dbm-3.4.10-25.116.1 * python3-debugsource-3.4.10-25.116.1 * python3-debuginfo-3.4.10-25.116.1 * python3-base-debugsource-3.4.10-25.116.1 * python3-base-debuginfo-3.4.10-25.116.1 * python3-devel-3.4.10-25.116.1 * python3-dbm-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python3-debugsource-3.4.10-25.116.1 * libpython3_4m1_0-3.4.10-25.116.1 * python3-debuginfo-3.4.10-25.116.1 * python3-base-debugsource-3.4.10-25.116.1 * python3-base-debuginfo-3.4.10-25.116.1 * python3-curses-3.4.10-25.116.1 * 
python3-devel-3.4.10-25.116.1 * python3-tk-3.4.10-25.116.1 * python3-3.4.10-25.116.1 * python3-base-3.4.10-25.116.1 * python3-tk-debuginfo-3.4.10-25.116.1 * python3-curses-debuginfo-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * python3-devel-debuginfo-3.4.10-25.116.1 * python3-base-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-32bit-3.4.10-25.116.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python3-debugsource-3.4.10-25.116.1 * libpython3_4m1_0-3.4.10-25.116.1 * python3-debuginfo-3.4.10-25.116.1 * python3-base-debugsource-3.4.10-25.116.1 * python3-base-debuginfo-3.4.10-25.116.1 * python3-curses-3.4.10-25.116.1 * python3-devel-3.4.10-25.116.1 * python3-tk-3.4.10-25.116.1 * python3-3.4.10-25.116.1 * python3-base-3.4.10-25.116.1 * python3-tk-debuginfo-3.4.10-25.116.1 * python3-curses-debuginfo-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * python3-base-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-32bit-3.4.10-25.116.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python3-debugsource-3.4.10-25.116.1 * libpython3_4m1_0-3.4.10-25.116.1 * python3-debuginfo-3.4.10-25.116.1 * python3-base-debugsource-3.4.10-25.116.1 * python3-base-debuginfo-3.4.10-25.116.1 * python3-curses-3.4.10-25.116.1 * python3-devel-3.4.10-25.116.1 * python3-devel-debuginfo-3.4.10-25.116.1 * python3-tk-3.4.10-25.116.1 * python3-3.4.10-25.116.1 * python3-base-3.4.10-25.116.1 * python3-tk-debuginfo-3.4.10-25.116.1 * python3-curses-debuginfo-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-3.4.10-25.116.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * 
python3-base-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.116.1 * libpython3_4m1_0-32bit-3.4.10-25.116.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40217.html * https://www.suse.com/security/cve/CVE-2023-41105.html * https://bugzilla.suse.com/show_bug.cgi?id=1214692 * https://bugzilla.suse.com/show_bug.cgi?id=1214693 From sle-updates at lists.suse.com Tue Oct 3 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 12:30:04 -0000 Subject: SUSE-SU-2023:3938-1: important: Security update for ghostscript Message-ID: <169633620448.7406.3461321390082016325@smelt2.prg2.suse.org> # Security update for ghostscript Announcement ID: SUSE-SU-2023:3938-1 Rating: important References: * #1215466 Cross-References: * CVE-2023-43115 CVSS scores: * CVE-2023-43115 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43115 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3938=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3938=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3938=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3938=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ghostscript-debuginfo-9.52-23.60.1 * ghostscript-x11-9.52-23.60.1 * ghostscript-9.52-23.60.1 * ghostscript-devel-9.52-23.60.1 * ghostscript-debugsource-9.52-23.60.1 * ghostscript-x11-debuginfo-9.52-23.60.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debuginfo-9.52-23.60.1 * ghostscript-x11-9.52-23.60.1 * ghostscript-9.52-23.60.1 * ghostscript-devel-9.52-23.60.1 * ghostscript-debugsource-9.52-23.60.1 * ghostscript-x11-debuginfo-9.52-23.60.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ghostscript-debuginfo-9.52-23.60.1 * ghostscript-x11-9.52-23.60.1 * ghostscript-9.52-23.60.1 * ghostscript-devel-9.52-23.60.1 * ghostscript-debugsource-9.52-23.60.1 * ghostscript-x11-debuginfo-9.52-23.60.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-23.60.1 * ghostscript-devel-9.52-23.60.1 * ghostscript-debuginfo-9.52-23.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43115.html * https://bugzilla.suse.com/show_bug.cgi?id=1215466 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 3 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 12:30:07 -0000 Subject: SUSE-RU-2023:3937-1: moderate: Recommended update for zypper Message-ID: <169633620704.7406.3492423408817648225@smelt2.prg2.suse.org> # Recommended update for zypper Announcement ID: SUSE-RU-2023:3937-1 Rating: moderate References: * #1213854 * #1214292 * #1214395 * #1215007 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has four fixes can now be installed. ## Description: This update for zypper fixes the following issues: * Fix name of the bash completion script (bsc#1215007) * Update notes about failing signature checks (bsc#1214395) * Improve the SIGINT handler to be signal safe (bsc#1214292) * Update to version 1.14.64 * Changed location of bash completion script (bsc#1213854). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3937=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3937=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3937=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * zypper-debugsource-1.14.64-150100.3.87.1 * zypper-1.14.64-150100.3.87.1 * zypper-debuginfo-1.14.64-150100.3.87.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.64-150100.3.87.1 * zypper-log-1.14.64-150100.3.87.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150100.3.87.1 * zypper-1.14.64-150100.3.87.1 * zypper-debuginfo-1.14.64-150100.3.87.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.64-150100.3.87.1 * zypper-log-1.14.64-150100.3.87.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * zypper-debugsource-1.14.64-150100.3.87.1 * zypper-1.14.64-150100.3.87.1 * zypper-debuginfo-1.14.64-150100.3.87.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * zypper-needs-restarting-1.14.64-150100.3.87.1 * zypper-log-1.14.64-150100.3.87.1 * SUSE CaaS Platform 4.0 (x86_64) * zypper-debugsource-1.14.64-150100.3.87.1 * zypper-1.14.64-150100.3.87.1 * zypper-debuginfo-1.14.64-150100.3.87.1 * SUSE CaaS Platform 4.0 (noarch) * zypper-needs-restarting-1.14.64-150100.3.87.1 * zypper-log-1.14.64-150100.3.87.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213854 * https://bugzilla.suse.com/show_bug.cgi?id=1214292 * https://bugzilla.suse.com/show_bug.cgi?id=1214395 * https://bugzilla.suse.com/show_bug.cgi?id=1215007 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 3 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3936-1: moderate: Recommended update for mlocate Message-ID: <169633620881.7406.14708519399082548214@smelt2.prg2.suse.org> # Recommended update for mlocate Announcement ID: SUSE-RU-2023:3936-1 Rating: moderate References: * #1209409 * PED-1717 Affected Products: * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that contains one feature and has one fix can now be installed. ## Description: This update for mlocate fixes the following issues: * Set umask 0022 before running /usr/bin/updatedb to avoid permission denied error (bsc#1209409) * Avoid using "/bin/false" when running "updatedb" by passing "--shell=/bin/sh" to "su" (jsc#PED-1717) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3936=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3936=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3936=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * mlocate-debugsource-0.26-150100.7.6.1 * mlocate-debuginfo-0.26-150100.7.6.1 * mlocate-0.26-150100.7.6.1 * SUSE Manager Proxy 4.2 (noarch) * mlocate-lang-0.26-150100.7.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mlocate-debugsource-0.26-150100.7.6.1 * mlocate-debuginfo-0.26-150100.7.6.1 * mlocate-0.26-150100.7.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * mlocate-lang-0.26-150100.7.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * mlocate-debugsource-0.26-150100.7.6.1 * mlocate-debuginfo-0.26-150100.7.6.1 * mlocate-0.26-150100.7.6.1 * SUSE Manager Server 4.2 (noarch) * mlocate-lang-0.26-150100.7.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209409 * https://jira.suse.com/browse/PED-1717 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Tue Oct 3 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 16:30:03 -0000 Subject: SUSE-SU-2023:3942-1: important: Security update for vim Message-ID: <169635060336.1481.6397621356773306054@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:3942-1 Rating: important References: * #1210738 * #1211461 * #1214922 * #1214924 * #1214925 * #1215004 * #1215006 * #1215033 Cross-References: * CVE-2023-4733 * CVE-2023-4734 * CVE-2023-4735 * CVE-2023-4738 * CVE-2023-4752 * CVE-2023-4781 CVSS scores: * CVE-2023-4733 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-4735 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( NVD ): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-4738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise 
High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities and has two security fixes can now be installed. ## Description: This update for vim fixes the following issues: Security fixes: * CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). * CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). * CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). * CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). * CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). * CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: * Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) * Rendering corruption in gvim with all 9.x versions (bsc#1210738) * Updated to version 9.0 with patch level 1894 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3942=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3942=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3942=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vim-9.0.1894-17.23.2 * gvim-debuginfo-9.0.1894-17.23.2 * vim-debuginfo-9.0.1894-17.23.2 * gvim-9.0.1894-17.23.2 * vim-debugsource-9.0.1894-17.23.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vim-data-9.0.1894-17.23.2 * vim-data-common-9.0.1894-17.23.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vim-9.0.1894-17.23.2 * gvim-debuginfo-9.0.1894-17.23.2 * vim-debuginfo-9.0.1894-17.23.2 * gvim-9.0.1894-17.23.2 * vim-debugsource-9.0.1894-17.23.2 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vim-data-9.0.1894-17.23.2 * vim-data-common-9.0.1894-17.23.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vim-9.0.1894-17.23.2 * gvim-debuginfo-9.0.1894-17.23.2 * vim-debuginfo-9.0.1894-17.23.2 * gvim-9.0.1894-17.23.2 * vim-debugsource-9.0.1894-17.23.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vim-data-9.0.1894-17.23.2 * vim-data-common-9.0.1894-17.23.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4733.html * https://www.suse.com/security/cve/CVE-2023-4734.html * https://www.suse.com/security/cve/CVE-2023-4735.html * https://www.suse.com/security/cve/CVE-2023-4738.html * https://www.suse.com/security/cve/CVE-2023-4752.html * https://www.suse.com/security/cve/CVE-2023-4781.html * https://bugzilla.suse.com/show_bug.cgi?id=1210738 * https://bugzilla.suse.com/show_bug.cgi?id=1211461 * https://bugzilla.suse.com/show_bug.cgi?id=1214922 * https://bugzilla.suse.com/show_bug.cgi?id=1214924 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214925 * https://bugzilla.suse.com/show_bug.cgi?id=1215004 * https://bugzilla.suse.com/show_bug.cgi?id=1215006 * https://bugzilla.suse.com/show_bug.cgi?id=1215033 From sle-updates at lists.suse.com Tue Oct 3 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 16:30:05 -0000 Subject: SUSE-SU-2023:3941-1: important: Security update for MozillaFirefox Message-ID: <169635060542.1481.4981803274480029036@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3941-1 Rating: important References: * #1215814 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox ESR 115.3.1 ESR was released to fix a security issue: * MFSA 2023-44 (bsc#1215814) * CVE-2023-5217: Fixed a heap buffer overflow in libvpx ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3941=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3941=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3941=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.3.1-150000.150.110.1 * MozillaFirefox-debugsource-115.3.1-150000.150.110.1 * MozillaFirefox-debuginfo-115.3.1-150000.150.110.1 * MozillaFirefox-115.3.1-150000.150.110.1 * MozillaFirefox-translations-other-115.3.1-150000.150.110.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.3.1-150000.150.110.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-translations-common-115.3.1-150000.150.110.1 * MozillaFirefox-debugsource-115.3.1-150000.150.110.1 * MozillaFirefox-debuginfo-115.3.1-150000.150.110.1 * MozillaFirefox-115.3.1-150000.150.110.1 * MozillaFirefox-translations-other-115.3.1-150000.150.110.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.3.1-150000.150.110.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-translations-common-115.3.1-150000.150.110.1 * MozillaFirefox-debugsource-115.3.1-150000.150.110.1 * MozillaFirefox-debuginfo-115.3.1-150000.150.110.1 * MozillaFirefox-115.3.1-150000.150.110.1 * MozillaFirefox-translations-other-115.3.1-150000.150.110.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.3.1-150000.150.110.1 * SUSE Linux Enterprise 
High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-translations-common-115.3.1-150000.150.110.1 * MozillaFirefox-debugsource-115.3.1-150000.150.110.1 * MozillaFirefox-debuginfo-115.3.1-150000.150.110.1 * MozillaFirefox-115.3.1-150000.150.110.1 * MozillaFirefox-translations-other-115.3.1-150000.150.110.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.3.1-150000.150.110.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215814 From sle-updates at lists.suse.com Tue Oct 3 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 16:30:07 -0000 Subject: SUSE-SU-2023:3940-1: important: Security update for libvpx Message-ID: <169635060749.1481.14449907472368507483@smelt2.prg2.suse.org> # Security update for libvpx Announcement ID: SUSE-SU-2023:3940-1 Rating: important References: * #1215778 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libvpx fixes the following issues: * CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3940=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3940=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3940=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3940=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3940=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libvpx-devel-1.3.0-3.12.1 * libvpx-debugsource-1.3.0-3.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libvpx1-1.3.0-3.12.1 * libvpx1-debuginfo-1.3.0-3.12.1 * libvpx-debugsource-1.3.0-3.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libvpx1-1.3.0-3.12.1 * libvpx1-debuginfo-1.3.0-3.12.1 * libvpx-debugsource-1.3.0-3.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libvpx1-1.3.0-3.12.1 * libvpx1-debuginfo-1.3.0-3.12.1 * libvpx-debugsource-1.3.0-3.12.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libvpx1-debuginfo-32bit-1.3.0-3.12.1 * vpx-tools-debuginfo-1.3.0-3.12.1 * libvpx1-32bit-1.3.0-3.12.1 * vpx-tools-1.3.0-3.12.1 * libvpx-debugsource-1.3.0-3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215778
From sle-updates at lists.suse.com Tue Oct 3 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:03 -0000 Subject: SUSE-SU-2023:3955-1: important: Security update for vim Message-ID: <169636500300.16865.6126264058254403584@smelt2.prg2.suse.org> # Security update for vim Announcement ID: SUSE-SU-2023:3955-1 Rating: important References: * #1214922 * #1214924 * #1214925 * #1215004 * #1215006 * #1215033 Cross-References: * CVE-2023-4733 * CVE-2023-4734 * CVE-2023-4735 * CVE-2023-4738 * CVE-2023-4752 * CVE-2023-4781 CVSS scores: * CVE-2023-4733 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-4735 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( NVD ): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-4738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop
Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves six vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Security fixes: * CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). * CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). 
* CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). * CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). * CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). * CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: * Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 * Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3955=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3955=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3955=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3955=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3955=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3955=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3955=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3955=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3955=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3955=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3955=1 * SUSE Linux 
Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3955=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3955=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3955=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3955=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3955=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3955=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3955=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3955=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3955=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3955=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3955=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * openSUSE Leap 15.4 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * Basesystem Module 15-SP4 (aarch64 
ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * Basesystem Module 15-SP4 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * 
gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * 
vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Manager Proxy 4.2 (x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Manager Proxy 4.2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Manager Server 4.2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * 
vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE CaaS Platform 4.0 (x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * gvim-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * gvim-debuginfo-9.0.1894-150000.5.54.1 * vim-9.0.1894-150000.5.54.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * vim-data-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.1894-150000.5.54.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.0.1894-150000.5.54.1 * vim-debugsource-9.0.1894-150000.5.54.1 * vim-small-9.0.1894-150000.5.54.1 * vim-small-debuginfo-9.0.1894-150000.5.54.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4733.html * https://www.suse.com/security/cve/CVE-2023-4734.html * https://www.suse.com/security/cve/CVE-2023-4735.html * https://www.suse.com/security/cve/CVE-2023-4738.html * https://www.suse.com/security/cve/CVE-2023-4752.html * https://www.suse.com/security/cve/CVE-2023-4781.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1214922 * https://bugzilla.suse.com/show_bug.cgi?id=1214924 * https://bugzilla.suse.com/show_bug.cgi?id=1214925 * https://bugzilla.suse.com/show_bug.cgi?id=1215004 * https://bugzilla.suse.com/show_bug.cgi?id=1215006 * https://bugzilla.suse.com/show_bug.cgi?id=1215033 From sle-updates at lists.suse.com Tue Oct 3 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:06 -0000 Subject: SUSE-SU-2023:3954-1: important: Security update for libeconf Message-ID: <169636500651.16865.12444991167492046999@smelt2.prg2.suse.org> # Security update for libeconf Announcement ID: SUSE-SU-2023:3954-1 Rating: important References: * #1211078 Cross-References: * CVE-2023-22652 * CVE-2023-30078 * CVE-2023-30079 * CVE-2023-32181 CVSS scores: * CVE-2023-22652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22652 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-30078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30078 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32181 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux
Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for libeconf fixes the following issues: Update to version 0.5.2. * CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). * CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3954=1 openSUSE-SLE-15.4-2023-3954=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3954=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3954=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3954=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3954=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3954=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3954=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3954=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libeconf-devel-0.5.2-150400.3.6.1 * libeconf-utils-0.5.2-150400.3.6.1 * libeconf-utils-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf0-0.5.2-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * 
libeconf0-32bit-0.5.2-150400.3.6.1 * libeconf0-32bit-debuginfo-0.5.2-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libeconf0-64bit-0.5.2-150400.3.6.1 * libeconf0-64bit-debuginfo-0.5.2-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libeconf-devel-0.5.2-150400.3.6.1 * libeconf-utils-0.5.2-150400.3.6.1 * libeconf-utils-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf0-0.5.2-150400.3.6.1 * openSUSE Leap 15.5 (x86_64) * libeconf0-32bit-0.5.2-150400.3.6.1 * libeconf0-32bit-debuginfo-0.5.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22652.html * https://www.suse.com/security/cve/CVE-2023-30078.html * https://www.suse.com/security/cve/CVE-2023-30079.html * https://www.suse.com/security/cve/CVE-2023-32181.html * https://bugzilla.suse.com/show_bug.cgi?id=1211078
From sle-updates at lists.suse.com Tue Oct 3 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:09 -0000 Subject: SUSE-SU-2023:3953-1: moderate: Security update for mdadm Message-ID: <169636500944.16865.8505922079791480042@smelt2.prg2.suse.org> # Security update for mdadm Announcement ID: SUSE-SU-2023:3953-1 Rating: moderate References: * #1214244 * #1214245 Cross-References: * CVE-2023-28736 * CVE-2023-28938 CVSS scores: * CVE-2023-28736 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L * CVE-2023-28736 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L * CVE-2023-28938 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L * CVE-2023-28938 ( NVD ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for mdadm fixes the following issues: * CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). * CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3953=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3953=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3953=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3953=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3953=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3953=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3953=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3953=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3953=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3953=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3953=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3953=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 *
mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Manager Proxy 4.2 (x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mdadm-4.1-150300.24.33.1 * mdadm-debugsource-4.1-150300.24.33.1 * mdadm-debuginfo-4.1-150300.24.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28736.html * https://www.suse.com/security/cve/CVE-2023-28938.html * https://bugzilla.suse.com/show_bug.cgi?id=1214244 * https://bugzilla.suse.com/show_bug.cgi?id=1214245
From sle-updates at lists.suse.com Tue Oct 3 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:12 -0000 Subject: SUSE-SU-2023:3952-1: important: Security update for runc Message-ID: <169636501238.16865.17782126500094802284@smelt2.prg2.suse.org> # Security update for runc Announcement ID: SUSE-SU-2023:3952-1 Rating: important References: * #1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux
Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of runc fixes the following issues: * Update to runc v1.1.8. Upstream changelog is available from . * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3952=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3952=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3952=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3952=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3952=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3952=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3952=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3952=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3952=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3952=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3952=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3952=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3952=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3952=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3952=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3952=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3952=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3952=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3952=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3952=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3952=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3952=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3952=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server 15 SP2 
LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE CaaS Platform 4.0 (x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-1.1.8-150000.49.1 * runc-debuginfo-1.1.8-150000.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475
From sle-updates at lists.suse.com Tue Oct 3 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:14 -0000 Subject: SUSE-RU-2023:3459-2: moderate: Recommended update for scap-security-guide Message-ID: <169636501480.16865.16364755456461732862@smelt2.prg2.suse.org> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:3459-2 Rating: moderate References: * ECO-3319 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that contains one feature can now be installed.
## Description: This update for scap-security-guide fixes the following issues: * scap-security-guide was updated to 0.1.69 (jsc#ECO-3319) * Introduce a JSON build manifest * Introduce a script to compare ComplianceAsCode versions * Introduce CCN profiles for RHEL9 * Map rules to components * products/anolis23: supports Anolis OS 23 * Render components to HTML * Store rendered control files * Test and use rules to components mapping * Use distributed product properties ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3459=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3459=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3459=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3459=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3459=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3459=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3459=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3459=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3459=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3459=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3459=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Enterprise Storage 7.1 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE CaaS Platform 4.0 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * 
scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 ## References: * 
https://jira.suse.com/browse/ECO-3319
From sle-updates at lists.suse.com Tue Oct 3 20:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:24 -0000 Subject: SUSE-RU-2023:3951-1: moderate: Recommended update for python3-jmespath, python3-ply Message-ID: <169636502457.16865.3443649803053280166@smelt2.prg2.suse.org> # Recommended update for python3-jmespath, python3-ply Announcement ID: SUSE-RU-2023:3951-1 Rating: moderate References: * #1209233 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for python3-jmespath and python3-ply fixes the following issue: * the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far.
There are no functional changes. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3951=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3951=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3951=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3951=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3951=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3951=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3951=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3951=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3951=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3951=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3951=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3951=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3951=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3951=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3951=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3951=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3951=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-ply-3.10-150000.3.5.1 * python-ply-doc-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * openSUSE Leap 15.5 (noarch) *
python3-ply-3.10-150000.3.5.1 * python-ply-doc-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * Basesystem Module 15-SP4 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * Basesystem Module 15-SP5 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Package Hub 15 15-SP4 (noarch) * python2-jmespath-0.9.3-150000.3.5.1 * SUSE Package Hub 15 15-SP5 (noarch) * python2-jmespath-0.9.3-150000.3.5.1 * SUSE Manager Proxy 4.2 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Manager Server 4.2 (noarch) * python2-ply-3.10-150000.3.5.1 * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-ply-3.10-150000.3.5.1 * python3-jmespath-0.9.3-150000.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209233
From sle-updates at lists.suse.com Tue Oct 3 20:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:26 -0000 Subject: SUSE-SU-2023:3950-1: important: Security update for MozillaFirefox Message-ID: <169636502661.16865.9169518902486426226@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3950-1 Rating: important References: * #1215814 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 115.3.1 ESR, fixing a security issue: MFSA 2023-44 (bsc#1215814) * CVE-2023-5217: Fixed heap buffer overflow in libvpx ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3950=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3950=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3950=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3950=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-115.3.1-112.185.1 * MozillaFirefox-debugsource-115.3.1-112.185.1 * MozillaFirefox-translations-common-115.3.1-112.185.1 * MozillaFirefox-debuginfo-115.3.1-112.185.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.3.1-112.185.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.3.1-112.185.1 * MozillaFirefox-debugsource-115.3.1-112.185.1 * MozillaFirefox-translations-common-115.3.1-112.185.1 * MozillaFirefox-debuginfo-115.3.1-112.185.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.3.1-112.185.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-115.3.1-112.185.1 * MozillaFirefox-debugsource-115.3.1-112.185.1 * MozillaFirefox-translations-common-115.3.1-112.185.1 * MozillaFirefox-debuginfo-115.3.1-112.185.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.3.1-112.185.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-112.185.1 * MozillaFirefox-debuginfo-115.3.1-112.185.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.3.1-112.185.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215814
From sle-updates at lists.suse.com Tue Oct 3 20:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:28 -0000 Subject: SUSE-SU-2023:3949-1: important: Security update for MozillaFirefox Message-ID: <169636502866.16865.13294024604631023651@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3949-1 Rating: important References: * #1215814 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 115.3.1 ESR, fixing a security issue: MFSA 2023-44 (bsc#1215814) * CVE-2023-5217: Fixed a heap buffer overflow in libvpx ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3949=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3949=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3949=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3949=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3949=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3949=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3949=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3949=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3949=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3949=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3949=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3949=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * 
MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * 
MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-branding-upstream-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-branding-upstream-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * openSUSE Leap 15.5 (noarch) * 
MozillaFirefox-devel-115.3.1-150200.152.111.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debugsource-115.3.1-150200.152.111.1 * MozillaFirefox-translations-other-115.3.1-150200.152.111.1 * MozillaFirefox-115.3.1-150200.152.111.1 * MozillaFirefox-debuginfo-115.3.1-150200.152.111.1 * MozillaFirefox-translations-common-115.3.1-150200.152.111.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.3.1-150200.152.111.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215814
From sle-updates at lists.suse.com Tue Oct 3 20:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:31 -0000 Subject: SUSE-SU-2023:3948-1: important: Security update for libvpx Message-ID: <169636503121.16865.2703921133240688295@smelt2.prg2.suse.org> # Security update for libvpx Announcement ID: SUSE-SU-2023:3948-1 Rating: important References: * #1215778 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP
Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libvpx fixes the following issues: * CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3948=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3948=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3948=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3948=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3948=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3948=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3948=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3948=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3948=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3948=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3948=1 
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3948=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3948=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3948=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3948=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3948=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3948=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * openSUSE Leap 15.4 (x86_64) * libvpx4-32bit-debuginfo-1.6.1-150000.6.11.1 * libvpx4-32bit-1.6.1-150000.6.11.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libvpx4-32bit-debuginfo-1.6.1-150000.6.11.1 * libvpx4-32bit-1.6.1-150000.6.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 *
libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libvpx4-32bit-debuginfo-1.6.1-150000.6.11.1 * libvpx4-32bit-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libvpx4-32bit-debuginfo-1.6.1-150000.6.11.1 * libvpx4-32bit-1.6.1-150000.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Linux Enterprise 
Server for SAP Applications 15 SP3 (ppc64le x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Manager Proxy 4.2 (x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 * SUSE CaaS Platform 4.0 (x86_64) * libvpx4-32bit-1.6.1-150000.6.11.1 * libvpx4-1.6.1-150000.6.11.1 * libvpx-debugsource-1.6.1-150000.6.11.1 * libvpx4-debuginfo-1.6.1-150000.6.11.1 * libvpx4-32bit-debuginfo-1.6.1-150000.6.11.1 * libvpx-devel-1.6.1-150000.6.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215778
From sle-updates at lists.suse.com Tue Oct 3 20:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:34 -0000 Subject: SUSE-SU-2023:3947-1: moderate: Security update for poppler Message-ID: <169636503452.16865.13321928198334717955@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:3947-1 Rating: moderate References: * #1214618 * #1214621 * #1214622 Cross-References: * CVE-2022-37050 * CVE-2022-37051 * CVE-2022-38349 CVSS scores: * CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). * CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
* CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3947=1 openSUSE-SLE-15.4-2023-3947=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3947=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3947=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3947=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * poppler-tools-22.01.0-150400.3.11.2 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.11.2 * libpoppler-glib8-22.01.0-150400.3.11.2 * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.11.2 * poppler-tools-debuginfo-22.01.0-150400.3.11.2 * libpoppler-glib-devel-22.01.0-150400.3.11.2 * libpoppler-cpp0-22.01.0-150400.3.11.2 * libpoppler-devel-22.01.0-150400.3.11.2 * libpoppler117-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt6-3-22.01.0-150400.3.11.2 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt6-devel-22.01.0-150400.3.11.2 * libpoppler117-22.01.0-150400.3.11.2 * poppler-qt6-debugsource-22.01.0-150400.3.11.2 * poppler-qt5-debugsource-22.01.0-150400.3.11.2 * libpoppler-glib8-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-devel-22.01.0-150400.3.11.2 * poppler-debugsource-22.01.0-150400.3.11.2 * libpoppler-qt5-1-22.01.0-150400.3.11.2 * openSUSE Leap 15.4 (x86_64) * libpoppler-glib8-32bit-22.01.0-150400.3.11.2 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-1-32bit-22.01.0-150400.3.11.2 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.11.2 * 
libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-cpp0-32bit-22.01.0-150400.3.11.2 * libpoppler117-32bit-22.01.0-150400.3.11.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libpoppler117-64bit-22.01.0-150400.3.11.2 * libpoppler-glib8-64bit-22.01.0-150400.3.11.2 * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler117-64bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-1-64bit-22.01.0-150400.3.11.2 * libpoppler-cpp0-64bit-22.01.0-150400.3.11.2 * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.11.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * poppler-tools-22.01.0-150400.3.11.2 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.11.2 * libpoppler-glib8-22.01.0-150400.3.11.2 * poppler-tools-debuginfo-22.01.0-150400.3.11.2 * libpoppler-glib-devel-22.01.0-150400.3.11.2 * libpoppler-cpp0-22.01.0-150400.3.11.2 * libpoppler-devel-22.01.0-150400.3.11.2 * libpoppler117-debuginfo-22.01.0-150400.3.11.2 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.11.2 * libpoppler117-22.01.0-150400.3.11.2 * libpoppler-glib8-debuginfo-22.01.0-150400.3.11.2 * poppler-debugsource-22.01.0-150400.3.11.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler-cpp0-22.01.0-150400.3.11.2 * libpoppler-devel-22.01.0-150400.3.11.2 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.11.2 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.11.2 * poppler-qt5-debugsource-22.01.0-150400.3.11.2 * libpoppler-qt5-devel-22.01.0-150400.3.11.2 * poppler-debugsource-22.01.0-150400.3.11.2 * libpoppler-qt5-1-22.01.0-150400.3.11.2 * SUSE Package Hub 15 15-SP4 (x86_64) * libpoppler-glib8-32bit-22.01.0-150400.3.11.2 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.11.2 * libpoppler117-32bit-22.01.0-150400.3.11.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * poppler-debugsource-22.01.0-150400.3.11.2 * libpoppler117-22.01.0-150400.3.11.2 * 
libpoppler117-debuginfo-22.01.0-150400.3.11.2 ## References: * https://www.suse.com/security/cve/CVE-2022-37050.html * https://www.suse.com/security/cve/CVE-2022-37051.html * https://www.suse.com/security/cve/CVE-2022-38349.html * https://bugzilla.suse.com/show_bug.cgi?id=1214618 * https://bugzilla.suse.com/show_bug.cgi?id=1214621 * https://bugzilla.suse.com/show_bug.cgi?id=1214622 From sle-updates at lists.suse.com Tue Oct 3 20:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:38 -0000 Subject: SUSE-SU-2023:3946-1: important: Security update for libvpx Message-ID: <169636503801.16865.3868352135582609191@smelt2.prg2.suse.org> # Security update for libvpx Announcement ID: SUSE-SU-2023:3946-1 Rating: important References: * #1215778 Cross-References: * CVE-2023-5217 CVSS scores: * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed.
## Description: This update for libvpx fixes the following issues: * CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3946=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3946=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3946=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3946=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3946=1 openSUSE-SLE-15.4-2023-3946=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3946=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libvpx-devel-1.11.0-150400.3.3.1 * libvpx-debugsource-1.11.0-150400.3.3.1 * libvpx7-debuginfo-1.11.0-150400.3.3.1 * libvpx7-1.11.0-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvpx-devel-1.11.0-150400.3.3.1 * libvpx-debugsource-1.11.0-150400.3.3.1 * libvpx7-debuginfo-1.11.0-150400.3.3.1 * libvpx7-1.11.0-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.11.0-150400.3.3.1 * vpx-tools-debuginfo-1.11.0-150400.3.3.1 * vpx-tools-1.11.0-150400.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libvpx-debugsource-1.11.0-150400.3.3.1 * vpx-tools-debuginfo-1.11.0-150400.3.3.1 * vpx-tools-1.11.0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libvpx7-debuginfo-1.11.0-150400.3.3.1 * libvpx-devel-1.11.0-150400.3.3.1 * libvpx-debugsource-1.11.0-150400.3.3.1 * vpx-tools-debuginfo-1.11.0-150400.3.3.1 * vpx-tools-1.11.0-150400.3.3.1 * libvpx7-1.11.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * 
libvpx7-32bit-debuginfo-1.11.0-150400.3.3.1 * libvpx7-32bit-1.11.0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libvpx7-64bit-debuginfo-1.11.0-150400.3.3.1 * libvpx7-64bit-1.11.0-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libvpx7-debuginfo-1.11.0-150400.3.3.1 * libvpx-devel-1.11.0-150400.3.3.1 * libvpx-debugsource-1.11.0-150400.3.3.1 * vpx-tools-debuginfo-1.11.0-150400.3.3.1 * vpx-tools-1.11.0-150400.3.3.1 * libvpx7-1.11.0-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * libvpx7-32bit-debuginfo-1.11.0-150400.3.3.1 * libvpx7-32bit-1.11.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1215778 From sle-updates at lists.suse.com Tue Oct 3 20:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:45 -0000 Subject: SUSE-SU-2023:3945-1: moderate: Security update for postfix Message-ID: <169636504529.16865.16200746689479716802@smelt2.prg2.suse.org> # Security update for postfix Announcement ID: SUSE-SU-2023:3945-1 Rating: moderate References: * #1211196 * #1215372 Cross-References: * CVE-2023-32182 CVSS scores: * CVE-2023-32182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32182 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and
has one security fix can now be installed. ## Description: This update for postfix fixes the following issues: Security fixes: * CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: * postfix: config.postfix causes too tight permission on main.cf (bsc#1215372). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3945=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3945=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3945=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3945=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3945=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3945=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3945=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postfix-ldap-debuginfo-3.5.9-150300.5.12.2 * postfix-bdb-lmdb-3.5.9-150300.5.12.2 * postfix-bdb-debugsource-3.5.9-150300.5.12.2 * postfix-3.5.9-150300.5.12.2 * postfix-postgresql-debuginfo-3.5.9-150300.5.12.2 * postfix-ldap-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-debuginfo-3.5.9-150300.5.12.2 * postfix-postgresql-3.5.9-150300.5.12.2 * postfix-bdb-3.5.9-150300.5.12.2 * postfix-bdb-debuginfo-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * postfix-devel-3.5.9-150300.5.12.2 * postfix-bdb-lmdb-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-3.5.9-150300.5.12.2 * openSUSE Leap 15.4 (noarch) * postfix-doc-3.5.9-150300.5.12.2 * Basesystem Module 15-SP4 (aarch64 ppc64le
s390x x86_64) * postfix-ldap-debuginfo-3.5.9-150300.5.12.2 * postfix-3.5.9-150300.5.12.2 * postfix-ldap-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-devel-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * Basesystem Module 15-SP4 (noarch) * postfix-doc-3.5.9-150300.5.12.2 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postfix-bdb-lmdb-3.5.9-150300.5.12.2 * postfix-bdb-debugsource-3.5.9-150300.5.12.2 * postfix-bdb-3.5.9-150300.5.12.2 * postfix-bdb-debuginfo-3.5.9-150300.5.12.2 * postfix-bdb-lmdb-debuginfo-3.5.9-150300.5.12.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postfix-mysql-debuginfo-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-3.5.9-150300.5.12.2 * SUSE Manager Proxy 4.2 (x86_64) * postfix-ldap-debuginfo-3.5.9-150300.5.12.2 * postfix-3.5.9-150300.5.12.2 * postfix-ldap-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-debuginfo-3.5.9-150300.5.12.2 * postfix-devel-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * postfix-mysql-3.5.9-150300.5.12.2 * SUSE Manager Proxy 4.2 (noarch) * postfix-doc-3.5.9-150300.5.12.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postfix-ldap-debuginfo-3.5.9-150300.5.12.2 * postfix-3.5.9-150300.5.12.2 * postfix-ldap-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-debuginfo-3.5.9-150300.5.12.2 * postfix-devel-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * postfix-mysql-3.5.9-150300.5.12.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * postfix-doc-3.5.9-150300.5.12.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postfix-ldap-debuginfo-3.5.9-150300.5.12.2 * postfix-3.5.9-150300.5.12.2 * postfix-ldap-3.5.9-150300.5.12.2 * postfix-debuginfo-3.5.9-150300.5.12.2 * postfix-mysql-debuginfo-3.5.9-150300.5.12.2 * postfix-devel-3.5.9-150300.5.12.2 * postfix-debugsource-3.5.9-150300.5.12.2 * 
postfix-mysql-3.5.9-150300.5.12.2 * SUSE Manager Server 4.2 (noarch) * postfix-doc-3.5.9-150300.5.12.2 ## References: * https://www.suse.com/security/cve/CVE-2023-32182.html * https://bugzilla.suse.com/show_bug.cgi?id=1211196 * https://bugzilla.suse.com/show_bug.cgi?id=1215372 From sle-updates at lists.suse.com Tue Oct 3 20:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:48 -0000 Subject: SUSE-SU-2023:3944-1: moderate: Security update for libqb Message-ID: <169636504814.16865.3368059220745890704@smelt2.prg2.suse.org> # Security update for libqb Announcement ID: SUSE-SU-2023:3944-1 Rating: moderate References: * #1214066 Cross-References: * CVE-2023-39976 CVSS scores: * CVE-2023-39976 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39976 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libqb fixes the following issues: * CVE-2023-39976: Fixed potential buffer overflow with long log messages (bsc#1214066). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3944=1 openSUSE-SLE-15.4-2023-3944=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3944=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3944=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libqb-devel-2.0.4+20211112.a2691b9-150400.4.3.1 * doxygen2man-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-2.0.4+20211112.a2691b9-150400.4.3.1 * doxygen2man-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-2.0.4+20211112.a2691b9-150400.4.3.1 * openSUSE Leap 15.4 (x86_64) * libqb100-32bit-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-32bit-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-32bit-2.0.4+20211112.a2691b9-150400.4.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libqb100-64bit-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-64bit-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-64bit-2.0.4+20211112.a2691b9-150400.4.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-2.0.4+20211112.a2691b9-150400.4.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * doxygen2man-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * doxygen2man-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * 
libqb-tests-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-2.0.4+20211112.a2691b9-150400.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39976.html * https://bugzilla.suse.com/show_bug.cgi?id=1214066 From sle-updates at lists.suse.com Tue Oct 3 20:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 03 Oct 2023 20:30:51 -0000 Subject: SUSE-SU-2023:3943-1: important: Security update for python311 Message-ID: <169636505184.16865.5122012894109087620@smelt2.prg2.suse.org> # Security update for python311 Announcement ID: SUSE-SU-2023:3943-1 Rating: important References: * #1214692 * #1214693 Cross-References: * CVE-2023-40217 * CVE-2023-41105 CVSS scores: * CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-41105 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-41105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for python311 fixes the following issues: Update to 3.11.5. * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
* CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3943=1 openSUSE-SLE-15.4-2023-3943=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3943=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-3943=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-3943=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-curses-3.11.5-150400.9.20.1 * python311-doc-devhelp-3.11.5-150400.9.20.2 * python311-testsuite-debuginfo-3.11.5-150400.9.20.2 * libpython3_11-1_0-3.11.5-150400.9.20.2 * python311-dbm-debuginfo-3.11.5-150400.9.20.1 * python311-core-debugsource-3.11.5-150400.9.20.2 * python311-tools-3.11.5-150400.9.20.2 * python311-tk-debuginfo-3.11.5-150400.9.20.1 * python311-curses-debuginfo-3.11.5-150400.9.20.1 * python311-doc-3.11.5-150400.9.20.2 * python311-devel-3.11.5-150400.9.20.2 * python311-idle-3.11.5-150400.9.20.1 * python311-base-debuginfo-3.11.5-150400.9.20.2 * python311-tk-3.11.5-150400.9.20.1 * python311-dbm-3.11.5-150400.9.20.1 * python311-3.11.5-150400.9.20.1 * python311-debugsource-3.11.5-150400.9.20.1 * python311-testsuite-3.11.5-150400.9.20.2 * python311-debuginfo-3.11.5-150400.9.20.1 * python311-base-3.11.5-150400.9.20.2 * libpython3_11-1_0-debuginfo-3.11.5-150400.9.20.2 * openSUSE Leap 15.4 (x86_64) * python311-32bit-debuginfo-3.11.5-150400.9.20.1 * python311-32bit-3.11.5-150400.9.20.1 * libpython3_11-1_0-32bit-3.11.5-150400.9.20.2 * libpython3_11-1_0-32bit-debuginfo-3.11.5-150400.9.20.2 * python311-base-32bit-debuginfo-3.11.5-150400.9.20.2 * python311-base-32bit-3.11.5-150400.9.20.2 * openSUSE Leap 15.4 (aarch64_ilp32) * 
libpython3_11-1_0-64bit-3.11.5-150400.9.20.2 * python311-64bit-debuginfo-3.11.5-150400.9.20.1 * python311-base-64bit-debuginfo-3.11.5-150400.9.20.2 * python311-base-64bit-3.11.5-150400.9.20.2 * libpython3_11-1_0-64bit-debuginfo-3.11.5-150400.9.20.2 * python311-64bit-3.11.5-150400.9.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python311-curses-3.11.5-150400.9.20.1 * python311-doc-devhelp-3.11.5-150400.9.20.2 * python311-testsuite-debuginfo-3.11.5-150400.9.20.2 * libpython3_11-1_0-3.11.5-150400.9.20.2 * python311-dbm-debuginfo-3.11.5-150400.9.20.1 * python311-core-debugsource-3.11.5-150400.9.20.2 * python311-tools-3.11.5-150400.9.20.2 * python311-tk-debuginfo-3.11.5-150400.9.20.1 * python311-curses-debuginfo-3.11.5-150400.9.20.1 * python311-doc-3.11.5-150400.9.20.2 * python311-devel-3.11.5-150400.9.20.2 * python311-idle-3.11.5-150400.9.20.1 * python311-base-debuginfo-3.11.5-150400.9.20.2 * python311-tk-3.11.5-150400.9.20.1 * python311-3.11.5-150400.9.20.1 * python311-dbm-3.11.5-150400.9.20.1 * python311-debugsource-3.11.5-150400.9.20.1 * python311-testsuite-3.11.5-150400.9.20.2 * python311-debuginfo-3.11.5-150400.9.20.1 * python311-base-3.11.5-150400.9.20.2 * libpython3_11-1_0-debuginfo-3.11.5-150400.9.20.2 * openSUSE Leap 15.5 (x86_64) * python311-32bit-debuginfo-3.11.5-150400.9.20.1 * python311-32bit-3.11.5-150400.9.20.1 * libpython3_11-1_0-32bit-3.11.5-150400.9.20.2 * libpython3_11-1_0-32bit-debuginfo-3.11.5-150400.9.20.2 * python311-base-32bit-debuginfo-3.11.5-150400.9.20.2 * python311-base-32bit-3.11.5-150400.9.20.2 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-debuginfo-3.11.5-150400.9.20.1 * python311-curses-3.11.5-150400.9.20.1 * python311-doc-devhelp-3.11.5-150400.9.20.2 * python311-curses-debuginfo-3.11.5-150400.9.20.1 * python311-tk-3.11.5-150400.9.20.1 * libpython3_11-1_0-3.11.5-150400.9.20.2 * python311-idle-3.11.5-150400.9.20.1 * python311-base-3.11.5-150400.9.20.2 * python311-dbm-debuginfo-3.11.5-150400.9.20.1 * 
python311-3.11.5-150400.9.20.1 * python311-dbm-3.11.5-150400.9.20.1 * python311-doc-3.11.5-150400.9.20.2 * python311-devel-3.11.5-150400.9.20.2 * python311-core-debugsource-3.11.5-150400.9.20.2 * python311-tools-3.11.5-150400.9.20.2 * python311-base-debuginfo-3.11.5-150400.9.20.2 * python311-debugsource-3.11.5-150400.9.20.1 * libpython3_11-1_0-debuginfo-3.11.5-150400.9.20.2 * python311-tk-debuginfo-3.11.5-150400.9.20.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-debuginfo-3.11.5-150400.9.20.1 * python311-curses-3.11.5-150400.9.20.1 * python311-doc-devhelp-3.11.5-150400.9.20.2 * python311-curses-debuginfo-3.11.5-150400.9.20.1 * python311-tk-3.11.5-150400.9.20.1 * libpython3_11-1_0-3.11.5-150400.9.20.2 * python311-idle-3.11.5-150400.9.20.1 * python311-base-3.11.5-150400.9.20.2 * python311-dbm-debuginfo-3.11.5-150400.9.20.1 * python311-3.11.5-150400.9.20.1 * python311-dbm-3.11.5-150400.9.20.1 * python311-doc-3.11.5-150400.9.20.2 * python311-devel-3.11.5-150400.9.20.2 * python311-core-debugsource-3.11.5-150400.9.20.2 * python311-tools-3.11.5-150400.9.20.2 * python311-base-debuginfo-3.11.5-150400.9.20.2 * python311-debugsource-3.11.5-150400.9.20.1 * libpython3_11-1_0-debuginfo-3.11.5-150400.9.20.2 * python311-tk-debuginfo-3.11.5-150400.9.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40217.html * https://www.suse.com/security/cve/CVE-2023-41105.html * https://bugzilla.suse.com/show_bug.cgi?id=1214692 * https://bugzilla.suse.com/show_bug.cgi?id=1214693
From sle-updates at lists.suse.com Wed Oct 4 07:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2023 09:06:00 +0200 (CEST) Subject: SUSE-CU-2023:3228-1: Recommended update of suse/sle15 Message-ID: <20231004070600.1DA9FFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3228-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.824 Container Release : 6.2.824 Severity : moderate Type : recommended References : 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3937-1 Released: Tue Oct 3 11:33:38 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854).
The following package changes have been done: - zypper-1.14.64-150100.3.87.1 updated From sle-updates at lists.suse.com Wed Oct 4 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:3229-1: Security update of bci/dotnet-sdk Message-ID: <20231004070631.E54D2FC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3229-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.3 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-14.3 Container Release : 14.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Wed Oct 4 07:06:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2023 09:06:54 +0200 (CEST) Subject: SUSE-CU-2023:3230-1: Security update of bci/dotnet-sdk Message-ID: <20231004070654.4A23DFC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3230-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-16.3 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-16.3 , bci/dotnet-sdk:latest Container Release : 16.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Wed Oct 4 07:07:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Oct 2023 09:07:09 +0200 (CEST) Subject: SUSE-CU-2023:3231-1: Security update of suse/sle15 Message-ID: <20231004070709.8184BFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3231-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.38 , suse/sle15:15.5 , suse/sle15:15.5.36.5.38 Container Release : 36.5.38 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated From sle-updates at lists.suse.com Wed Oct 4 08:31:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 08:31:50 -0000 Subject: SUSE-SU-2023:3964-1: important: Security update for the Linux Kernel Message-ID: <169640831046.2567.8403261593233271332@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3964-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1205462 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1212091 * #1212142 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214120 * #1214149 * #1214180 * #1214238 * #1214285 * #1214297 * #1214299 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214428 * #1214451 * #1214635 * #1214659 * #1214661 * #1214729 * #1214742 * #1214743 * #1214756 * #1215522 * #1215523 * #1215552 * #1215553 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4569 CVSS scores: * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-34319 ( 
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High 
Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 16 vulnerabilities, contains seven features and has 49 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). 
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: * Drop amdgpu patch causing spamming (bsc#1215523) * acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). * acpi: processor: perflib: use the "no limit" frequency qos (git-fixes). * acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). * alsa: ac97: fix possible error value of *rac97 (git-fixes). * alsa: hda/cs8409: support new dell dolphin variants (git-fixes). * alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). * alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). * alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). * alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). 
* alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). * alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). * alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). * alsa: usb-audio: fix init call orders for uac1 (git-fixes). * alsa: ymfpci: fix the missing snd_card_free() call at probe error (git- fixes). * amba: bus: fix refcount leak (git-fixes). * arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). * arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). * arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). * arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). * arm: dts: imx6sll: fixup of operating points (git-fixes). * arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). * asoc: lower "no backend dais enabled for ... port" log severity (git-fixes). * asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). * asoc: rt5665: add missed regulator_bulk_disable (git-fixes). * asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). * asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). * asoc: tegra: fix sfc conversion for few rates (git-fixes). * audit: fix possible soft lockup in __audit_inode_child() (git-fixes). * backlight/bd6107: compare against struct fb_info.device (git-fixes). * backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). * backlight/lv5207lp: compare against struct fb_info.device (git-fixes). * batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). * batman-adv: do not increase mtu when set by user (git-fixes). * batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). * batman-adv: fix tt global entry leak when client roamed back (git-fixes). * batman-adv: hold rtnl lock during mtu update via netlink (git-fixes). 
* batman-adv: trigger events for auto adjusted mtu (git-fixes). * bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). * bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * bluetooth: fix potential use-after-free when clear keys (git-fixes). * bluetooth: l2cap: fix use-after-free (git-fixes). * bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). * bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git- fixes). * bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). * bnx2x: fix page fault following eeh recovery (bsc#1214299). * bpf: disable preemption in bpf_event_output (git-fixes). * bus: ti-sysc: fix build warning for 64-bit build (git-fixes). * bus: ti-sysc: fix cast to enum warning (git-fixes). * bus: ti-sysc: flush posted write on enable before reset (git-fixes). * can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). * ceph: defer stopping mdsc delayed_work (bsc#1214392). * ceph: do not check for quotas on mds stray dirs (bsc#1214238). * ceph: never send metrics if disable_send_metrics is set (bsc#1214180). * check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. * cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). * cifs: allow dumping keys for directories too (bsc#1193629). * cifs: fix mid leak during reconnection after timeout threshold (git-fixes). * cifs: if deferred close is disabled then close files immediately (git- fixes). * cifs: is_network_name_deleted should return a bool (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). * clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). * clk: imx8mp: fix sai4 clock (git-fixes). 
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). * clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git- fixes). * clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). * clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). * clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: sunxi-ng: modify mismatched function name (git-fixes). * clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). * config_nvme_verbose_errors=y gone with a82baa8083b * config_printk_safe_log_buf_shift=13 gone with 7e152d55123 * cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). * cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). * cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). * cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). 
* cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. * crypto: caam - fix unchecked return value error (git-fixes). * crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). * dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). * dma-buf/sync_file: fix docs syntax (git-fixes). * dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). * dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). * dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). * dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). * docs/process/howto: replace c89 with c11 (bsc#1214756). * docs: kernel-parameters: refer to the correct bitmap function (git-fixes). * docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). * docs: printk-formats: fix hex printing of signed values (git-fixes). * documentation: devices.txt: fix minors for ttycpm* (git-fixes). * documentation: devices.txt: remove ttyioc* (git-fixes). * documentation: devices.txt: remove ttysioc* (git-fixes). * driver core: test_async: fix an error code (git-fixes). * drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). * drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). * drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). 
* drm/amd/display: check tg is non-null before checking if enabled (git- fixes). * drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). * drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). * drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). * drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). * drm/amdgpu: install stub fence into potential unused fence pointers (git- fixes). * drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). * drm/armada: fix off-by-one error in armada_overlay_get_property() (git- fixes). * drm/ast: fix dram init on ast2200 (git-fixes). * drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git- fixes). * drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). * drm/bridge: fix -wunused-const-variable= warning (git-fixes). * drm/bridge: tc358764: fix debug print parameter order (git-fixes). * drm/etnaviv: fix dumping of active mmu context (git-fixes). * drm/mediatek: fix dereference before null check (git-fixes). * drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). * drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). * drm/msm/mdp5: do not leak some plane state (git-fixes). * drm/msm: update dev core dump to not print backwards (git-fixes). * drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). * drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). * drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). 
* drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). * drm/qxl: fix uaf on handle creation (git-fixes). * drm/radeon: use rmw accessors for changing lnkctl (git-fixes). * drm/rockchip: do not spam logs in atomic check (git-fixes). * drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git- fixes). * drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git- fixes). * drm/ttm: check null pointer before accessing when swapping (git-fixes). * drm/ttm: never consider pinned bos for eviction&swap (git-fixes). * drm/vmwgfx: fix shader stage validation (git-fixes). * drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes). * drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). * drop cfg80211 lock fix patches that caused a regression (bsc#1213757) * drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) * dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). * dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). * dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). * e1000: fix typos in comments (jsc#ped-5738). * e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). * e1000: switch to napi_build_skb() (jsc#ped-5738). * e1000: switch to napi_consume_skb() (jsc#ped-5738). * enable analog devices industrial ethernet phy driver (jsc#ped-4759) * exfat: fix unexpected eof while reading dir (bsc#1214000). * exfat: release s_lock before calling dir_emit() (bsc#1214000). * exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). * fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). * fbdev: fix potential oob read in fast_imageblit() (git-fixes). * fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). * fbdev: improve performance of sys_imageblit() (git-fixes). * fbdev: mmp: fix value check in mmphw_probe() (git-fixes). 
* file: reinstate f_pos locking optimization for regular files (bsc#1213759). * firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). * firmware: cs_dsp: fix new control name check (git-fixes). * firmware: meson_sm: fix to avoid potential null pointer dereference (git- fixes). * firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). * fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). * ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). * gpio: mvebu: fix irq domain leak (git-fixes). * gpio: mvebu: make use of devm_pwmchip_add (git-fixes). * gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). * hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). * hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). * hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). * hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). * hid: wacom: remove the battery when the ekr is off (git-fixes). * hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git- fixes). * hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). * hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). * hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). * hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). * hwrng: pic32 - use devm_clk_get_enabled (git-fixes). * i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). * i2c: delete error messages for failed memory allocations (git-fixes). * i2c: designware: correct length byte validation logic (git-fixes). * i2c: designware: handle invalid smbus block data response length value (git- fixes). * i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). 
* i2c: improve size determinations (git-fixes). * i2c: nomadik: remove a useless call in the remove function (git-fixes). * i2c: nomadik: remove unnecessary goto label (git-fixes). * i2c: nomadik: use devm_clk_get_enabled() (git-fixes). * i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). * iavf: fix potential races for fdir filters (git-fixes). * ib/hfi1: fix possible panic during hotplug remove (git-fixes) * ib/uverbs: fix an potential error pointer dereference (git-fixes) * ice: fix crash by keep old cfg when update tcs more than queues (git-fixes). * ice: fix max_rate check while configuring tx rate limits (git-fixes). * ice: fix memory management in ice_ethtool_fdir.c (git-fixes). * ice: fix rdma vsi removal during queue rebuild (git-fixes). * iio: adc: ina2xx: avoid null pointer dereference on of device match (git- fixes). * iio: adc: stx104: implement and utilize register structures (git-fixes). * iio: adc: stx104: utilize iomap interface (git-fixes). * iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). * input: exc3000 - properly stop timer on shutdown (git-fixes). * intel/e1000:fix repeated words in comments (jsc#ped-5738). * intel: remove unused macros (jsc#ped-5738). * iommu/amd: add pci segment support for ivrs_ commands (git-fixes). * iommu/amd: fix compile warning in init code (git-fixes). * iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). * iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). * iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). * iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). * iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). * iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). * iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). 
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git- fixes). * iommu/dart: initialize dart_streams_enable (git-fixes). * iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). * iommu/dma: fix iova map result check bug (git-fixes). * iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). * iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). * iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git- fixes). * iommu/iova: fix module config properly (git-fixes). * iommu/omap: fix buffer overflow in debugfs (git-fixes). * iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). * iommu/sun50i: consider all fault sources for reset (git-fixes). * iommu/sun50i: fix flush size (git-fixes). * iommu/sun50i: fix r/w permission check (git-fixes). * iommu/sun50i: fix reset release (git-fixes). * iommu/sun50i: implement .iotlb_sync_map (git-fixes). * iommu/sun50i: remove iommu_domain_identity (git-fixes). * iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). * iommu/vt-d: check correct capability for sagaw determination (git-fixes). * iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). * iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). * iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). * iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git- fixes). * iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). * iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git- fixes). * iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). * ipmi:ssif: add check for kstrdup (git-fixes). * ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). * ipmi_si: fix a memleak in try_smi_init() (git-fixes). * jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). 
* kabi/severities: ignore newly added srso mitigation functions * kabi: allow extra bugsints (bsc#1213927). * kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). * kbuild: move to -std=gnu11 (bsc#1214756). * kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. * kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. * kunit: make kunit_test_timeout compatible with comment (git-fixes). * kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). * leds: fix bug_on check for led_color_id_multi that is always false (git- fixes). * leds: multicolor: use rounded division when calculating color components (git-fixes). * leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). * leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). * leds: turris-omnia: drop unnecessary mutex locking (git-fixes). * lib/test_meminit: allocate pages up to order max_order (git-fixes). * lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). * libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). * md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). * md/raid0: fix performance regression for large sequential writes (bsc#1213916). * media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). * media: cx24120: add retval check for cx24120_message_send() (git-fixes). * media: dib7000p: fix potential division by zero (git-fixes). * media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git- fixes). * media: go7007: remove redundant if statement (git-fixes). * media: i2c: ccs: check rules is non-null (git-fixes). * media: i2c: rdacm21: fix uninitialized value (git-fixes). * media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). 
* media: ov2680: add ov2680_fill_format() helper function (git-fixes). * media: ov2680: do not take the lock for try_fmt calls (git-fixes). * media: ov2680: fix ov2680_bayer_order() (git-fixes). * media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). * media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). * media: ov2680: fix vflip / hflip set functions (git-fixes). * media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). * media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). * media: rkvdec: increase max supported height for h.264 (git-fixes). * media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). * media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). * media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). * media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). * misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). * mkspec: allow unsupported kmps (bsc#1214386) * mlxsw: pci: add shutdown method in pci driver (git-fixes). * mmc: block: fix in_flight[issue_type] value error (git-fixes). * mmc: moxart: read scr register without changing byte order (git-fixes). * mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). * module: avoid allocation if module is already present and ready (bsc#1213921). * module: extract patient module check into helper (bsc#1213921). * module: move check_modinfo() early to early_mod_check() (bsc#1213921). * module: move early sanity checks into a helper (bsc#1213921). * move upstreamed powerpc patches into sorted section * mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). * mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). * mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). * mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). 
* mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). * mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). * mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). * mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). * mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). * mtd: spi-nor: check bus width while setting qe bit (git-fixes). * mtd: spinand: toshiba: fix ecc_get_status (git-fixes). * n_tty: rename tail to old_tail in n_tty_read() (git-fixes). * net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). * net: ieee802154: at86rf230: stop leaking skb's (git-fixes). * net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). * net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). * net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). * net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). * net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). * net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). * netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). * netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). * netfs: fix parameter of cleanup() (bsc#1214743). * nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). * nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). * nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). * nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). * nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). * objtool/x86: fix srso mess (git-fixes). * objtool/x86: fixup frame-pointer vs rethunk (git-fixes). * objtool: union instruction::{call_dest,jump_table} (git-fixes). * old-flavors: drop 2.6 kernels. 
2.6 based kernels are eol, upgrading from them is no longer supported. * pci/aspm: avoid link retraining race (git-fixes). * pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). * pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). * pci: acpiphp: reassign resources on bridge if necessary (git-fixes). * pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). * pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). * pci: meson: remove cast between incompatible function type (git-fixes). * pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). * pci: microchip: remove cast between incompatible function type (git-fixes). * pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). * pci: rockchip: remove writes to unused registers (git-fixes). * pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). * pci: tegra194: fix possible array out of bounds access (git-fixes). * pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). * phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). * phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). * phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). * phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). * phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). * phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). * phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). * pinctrl: cherryview: fix address_space_handler() argument (git-fixes). * pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). * pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). * platform/x86: dell-sysman: fix reference leak (git-fixes). 
* pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). * powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). * powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). * powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). * powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). * powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). * powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). * powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). * powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). * powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). * powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). * powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). 
* powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). * powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). * powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/rtas: block error injection when locked down (bsc#1023051). * powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). * powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). * powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). * powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. * powerpc: fix typos in comments (bsc#1212091 ltc#199106). * powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). * pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). * pstore/ram: check start of empty przs during init (git-fixes). * pwm: add a stub for devm_pwmchip_add() (git-fixes). * pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). * pwm: meson: simplify duplicated per-channel tracking (git-fixes). * qed: fix scheduling in a tasklet while getting stats (git-fixes). 
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes) * rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) * rdma/efa: fix wrong resources deallocation order (git-fixes) * rdma/hns: fix cq and qp cache affinity (git-fixes) * rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) * rdma/hns: fix port active speed (git-fixes) * rdma/irdma: prevent zero-length stag registration (git-fixes) * rdma/irdma: replace one-element array with flexible-array member (git-fixes) * rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) * rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) * rdma/siw: balance the reference of cep->kref in the error path (git-fixes) * rdma/siw: correct wrong debug message (git-fixes) * rdma/umem: set iova in odp flow (git-fixes) * readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. * regmap: rbtree: use alloc_flags for memory allocations (git-fixes). * revert "ib/isert: fix incorrect release of isert connection" (git-fixes) * revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes). * ring-buffer: do not swap cpu_buffer during resize process (git-fixes). * ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). * ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). * rpmsg: glink: add check for kstrdup (git-fixes). * s390/purgatory: disable branch profiling (git-fixes bsc#1214372). * sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). * sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). * sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). * scsi: bsg: increase number of devices (bsc#1210048). * scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). * scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). * scsi: core: improve warning message in scsi_device_block() (bsc#1209284). 
* scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). * scsi: rdma/srp: fix residual handling (git-fixes) * scsi: sg: increase number of devices (bsc#1210048). * scsi: storvsc: always set no_report_opcodes (git-fixes). * scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). * scsi: storvsc: handle srb status value 0x30 (git-fixes). * scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). * scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). * selftests/futex: order calls to futex_lock_pi (git-fixes). * selftests/harness: actually report skip for signal tests (git-fixes). * selftests/resctrl: close perf value read fd on errors (git-fixes). * selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). * selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). * selftests/rseq: check if libc rseq support is registered (git-fixes). * selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). * selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). * selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). * selftests: forwarding: skip test when no interfaces are specified (git-fixes). * selftests: forwarding: switch off timeout (git-fixes). * selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). * selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). * selftests: forwarding: tc_flower: relax success criterion (git-fixes). * selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). * serial: sc16is7xx: fix broken port 0 uart init (git-fixes). * serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). * serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). * serial: sprd: fix dma buffer leak issue (git-fixes). 
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). * sfc: fix crash when reading stats while nic is resetting (git-fixes). * smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). * smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). * smb: client: fix -wstringop-overflow issues (bsc#1193629). * smb: client: fix dfs link mount against w2k8 (bsc#1212142). * smb: client: fix null auth (git-fixes). * soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). * soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). * soundwire: fix enumeration completion (git-fixes). * spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). * supported.conf: fix typos for -!optional markers * target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). * target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). * target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). * target_core_rbd: remove snapshot existence validation code (bsc#1212857). * thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). * timers: add shutdown mechanism to the internal functions (bsc#1213970). * timers: provide timer_shutdown_sync (bsc#1213970). * timers: rename del_timer() to timer_delete() (bsc#1213970). * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: replace bug_on()s (bsc#1213970). * timers: silently ignore timers with a null function (bsc#1213970). * timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: update kernel-doc for various functions (bsc#1213970). * timers: use del_timer_sync() even on up (bsc#1213970). * tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). 
* tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). * tracing/probes: fix not to count error code to total length (git-fixes). * tracing/probes: fix to avoid double count of the string length on the array (git-fixes). * tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). * tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes). * tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). * tracing: fix memleak due to race between current_tracer and trace (git-fixes). * tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). * tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). * tracing: fix warning in trace_buffered_event_disable() (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). * tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). * ubifs: fix memleak when insert_old_idx() failed (git-fixes). * update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). * usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). * usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). * usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). * usb: dwc3: fix typos in gadget.c (git-fixes). 
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). * usb: dwc3: properly handle processing of pending events (git-fixes). * usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). * usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). * usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). * usb: quirks: add quirk for focusrite scarlett (git-fixes). * usb: serial: option: add quectel ec200a module support (git-fixes). * usb: serial: option: support quectel em060k_128 (git-fixes). * usb: serial: simple: add kaufmann rks+can vcp (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). * usb: typec: tcpm: fix response to vsafe0v event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). * watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). * wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). * wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). * wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). 
* wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). * wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * x86/alternative: make custom return thunk unconditional (git-fixes). * x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). * x86/cpu/kvm: provide untrain_ret_vm (git-fixes). * x86/cpu: clean up srso return thunk mess (git-fixes). * x86/cpu: cleanup the untrain mess (git-fixes). * x86/cpu: fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: rename original retbleed methods (git-fixes). * x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). * x86/mce: make sure logged mces are processed after sysfs update (git-fixes). * x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). * x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). * x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/speculation: add cpu_show_gds() prototype (git-fixes). * x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). * x86/srso: correct the mitigation status when smt is disabled (git-fixes). * x86/srso: disable the mitigation on unaffected configurations (git-fixes). 
* x86/srso: explain the untraining sequences a bit more (git-fixes). * x86/srso: fix build breakage with the llvm linker (git-fixes). * x86/srso: fix return thunks in generated code (git-fixes). * x86/static_call: fix __static_call_fixup() (git-fixes). * xfs: fix sb write verify for lazysbcount (bsc#1214661). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3964=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3964=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3964=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3964=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3964=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3964=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-3964=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * dlm-kmp-rt-5.14.21-150400.15.53.1 * kernel-rt-devel-5.14.21-150400.15.53.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.53.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-devel-5.14.21-150400.15.53.1 * kernel-syms-rt-5.14.21-150400.15.53.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * gfs2-kmp-rt-5.14.21-150400.15.53.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.53.1 * 
cluster-md-kmp-rt-5.14.21-150400.15.53.1 * ocfs2-kmp-rt-5.14.21-150400.15.53.1 * openSUSE Leap 15.4 (noarch) * kernel-source-rt-5.14.21-150400.15.53.1 * kernel-devel-rt-5.14.21-150400.15.53.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * kernel-rt_debug-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_53-rt-1-150400.1.3.1 * kernel-livepatch-SLE15-SP4-RT_Update_13-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_53-rt-debuginfo-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.53.1 * dlm-kmp-rt-5.14.21-150400.15.53.1 * kernel-rt-devel-5.14.21-150400.15.53.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.53.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.53.1 * kernel-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-devel-5.14.21-150400.15.53.1 * kernel-syms-rt-5.14.21-150400.15.53.1 * 
dlm-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * gfs2-kmp-rt-5.14.21-150400.15.53.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.53.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.53.1 * cluster-md-kmp-rt-5.14.21-150400.15.53.1 * ocfs2-kmp-rt-5.14.21-150400.15.53.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-source-rt-5.14.21-150400.15.53.1 * kernel-devel-rt-5.14.21-150400.15.53.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.53.1 * kernel-rt_debug-5.14.21-150400.15.53.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214635 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://bugzilla.suse.com/show_bug.cgi?id=1215522 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215552 * https://bugzilla.suse.com/show_bug.cgi?id=1215553 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004
From sle-updates at lists.suse.com Wed Oct 4 08:31:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 08:31:55 -0000 Subject: SUSE-SU-2023:3965-1: moderate: Security update for libXpm Message-ID: <169640831539.2567.10655090731900533216@smelt2.prg2.suse.org> # Security update for libXpm Announcement ID: SUSE-SU-2023:3965-1 Rating: moderate References: * #1215686 * #1215687 Cross-References: * CVE-2023-43788 * CVE-2023-43789 CVSS scores: * CVE-2023-43788 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2023-43789 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libXpm fixes the following issues: * CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686). 
* CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3965=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3965=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3965=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3965=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3965=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3965=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3965=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3965=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3965=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3965=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3965=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libXpm4-debuginfo-3.5.12-150000.3.10.1 * libXpm-tools-3.5.12-150000.3.10.1 * libXpm4-3.5.12-150000.3.10.1 * libXpm-tools-debuginfo-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * openSUSE Leap 15.4 (x86_64) * libXpm4-32bit-debuginfo-3.5.12-150000.3.10.1 * libXpm-devel-32bit-3.5.12-150000.3.10.1 * libXpm4-32bit-3.5.12-150000.3.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libXpm4-debuginfo-3.5.12-150000.3.10.1 * libXpm-tools-3.5.12-150000.3.10.1 * 
libXpm4-3.5.12-150000.3.10.1 * libXpm-tools-debuginfo-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * openSUSE Leap 15.5 (x86_64) * libXpm4-32bit-debuginfo-3.5.12-150000.3.10.1 * libXpm-devel-32bit-3.5.12-150000.3.10.1 * libXpm4-32bit-3.5.12-150000.3.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libXpm4-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm4-debuginfo-3.5.12-150000.3.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libXpm4-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm4-debuginfo-3.5.12-150000.3.10.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libXpm4-32bit-debuginfo-3.5.12-150000.3.10.1 * libXpm4-32bit-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libXpm4-32bit-debuginfo-3.5.12-150000.3.10.1 * libXpm4-32bit-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * SUSE Manager Proxy 4.2 (x86_64) * libXpm4-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm4-debuginfo-3.5.12-150000.3.10.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libXpm4-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm4-debuginfo-3.5.12-150000.3.10.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libXpm4-3.5.12-150000.3.10.1 * libXpm-devel-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm4-debuginfo-3.5.12-150000.3.10.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libXpm-tools-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * libXpm-tools-debuginfo-3.5.12-150000.3.10.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libXpm-tools-3.5.12-150000.3.10.1 * libXpm-debugsource-3.5.12-150000.3.10.1 * 
libXpm-tools-debuginfo-3.5.12-150000.3.10.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43788.html
* https://www.suse.com/security/cve/CVE-2023-43789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215686
* https://bugzilla.suse.com/show_bug.cgi?id=1215687

From sle-updates at lists.suse.com Wed Oct 4 08:31:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 08:31:58 -0000
Subject: SUSE-SU-2023:3963-1: moderate: Security update for libX11
Message-ID: <169640831862.2567.3186033271781289836@smelt2.prg2.suse.org>

# Security update for libX11

Announcement ID: SUSE-SU-2023:3963-1
Rating: moderate
References:

* #1215683
* #1215684
* #1215685

Cross-References:

* CVE-2023-43785
* CVE-2023-43786
* CVE-2023-43787

CVSS scores:

* CVE-2023-43785 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2023-43786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-43787 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for libX11 fixes the following issues:

* CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
* CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
* CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3963=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3963=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3963=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3963=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3963=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-3963=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3963=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3963=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3963=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3963=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3963=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3963=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3963=1
* openSUSE Leap 15.4
  zypper in
-t patch openSUSE-SLE-15.4-2023-3963=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * openSUSE Leap 15.5 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-devel-32bit-1.6.5-150000.3.33.1 * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * openSUSE Leap 15.5 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE 
Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * libX11-data-1.6.5-150000.3.33.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * Basesystem Module 15-SP4 (noarch) * libX11-data-1.6.5-150000.3.33.1 * Basesystem Module 15-SP4 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * Basesystem Module 15-SP5 (noarch) * libX11-data-1.6.5-150000.3.33.1 * Basesystem Module 15-SP5 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * SUSE Manager Proxy 4.2 (x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * SUSE Manager Proxy 4.2 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * 
libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * SUSE Manager Server 4.2 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Manager Server 4.2 (x86_64) * libX11-6-32bit-1.6.5-150000.3.33.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-1.6.5-150000.3.33.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libX11-data-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libX11-data-1.6.5-150000.3.33.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-1.6.5-150000.3.33.1 * libX11-6-1.6.5-150000.3.33.1 * libX11-6-debuginfo-1.6.5-150000.3.33.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.33.1 * libX11-debugsource-1.6.5-150000.3.33.1 * libX11-devel-1.6.5-150000.3.33.1 * openSUSE 
Leap 15.4 (x86_64)
  * libX11-6-32bit-debuginfo-1.6.5-150000.3.33.1
  * libX11-devel-32bit-1.6.5-150000.3.33.1
  * libX11-6-32bit-1.6.5-150000.3.33.1
  * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.33.1
  * libX11-xcb1-32bit-1.6.5-150000.3.33.1
* openSUSE Leap 15.4 (noarch)
  * libX11-data-1.6.5-150000.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43785.html
* https://www.suse.com/security/cve/CVE-2023-43786.html
* https://www.suse.com/security/cve/CVE-2023-43787.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215683
* https://bugzilla.suse.com/show_bug.cgi?id=1215684
* https://bugzilla.suse.com/show_bug.cgi?id=1215685

From sle-updates at lists.suse.com Wed Oct 4 08:32:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 08:32:01 -0000
Subject: SUSE-SU-2023:3962-1: moderate: Security update for libXpm
Message-ID: <169640832165.2567.4934629541836763413@smelt2.prg2.suse.org>

# Security update for libXpm

Announcement ID: SUSE-SU-2023:3962-1
Rating: moderate
References:

* #1215686
* #1215687

Cross-References:

* CVE-2023-43788
* CVE-2023-43789

CVSS scores:

* CVE-2023-43788 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2023-43789 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libXpm fixes the following issues:

* CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686).
* CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3962=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3962=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3962=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3962=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libXpm-debugsource-3.5.11-6.10.1
  * libXpm-devel-3.5.11-6.10.1
  * libXpm-tools-3.5.11-6.10.1
  * libXpm-tools-debuginfo-3.5.11-6.10.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libXpm-debugsource-3.5.11-6.10.1
  * libXpm4-debuginfo-3.5.11-6.10.1
  * libXpm4-3.5.11-6.10.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libXpm4-32bit-3.5.11-6.10.1
  * libXpm4-debuginfo-32bit-3.5.11-6.10.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libXpm-debugsource-3.5.11-6.10.1
  * libXpm4-debuginfo-3.5.11-6.10.1
  * libXpm4-3.5.11-6.10.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libXpm4-32bit-3.5.11-6.10.1
  * libXpm4-debuginfo-32bit-3.5.11-6.10.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libXpm-debugsource-3.5.11-6.10.1
  * libXpm4-debuginfo-3.5.11-6.10.1
  * libXpm4-3.5.11-6.10.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libXpm4-32bit-3.5.11-6.10.1
  * libXpm4-debuginfo-32bit-3.5.11-6.10.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43788.html
* https://www.suse.com/security/cve/CVE-2023-43789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215686
* https://bugzilla.suse.com/show_bug.cgi?id=1215687

From sle-updates at lists.suse.com Wed Oct 4 08:32:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 08:32:03 -0000
Subject: SUSE-RU-2023:3959-1: moderate: Recommended update to qca-qt5
Message-ID: <169640832368.2567.14691606612334949770@smelt2.prg2.suse.org>

# Recommended update to qca-qt5

Announcement ID: SUSE-RU-2023:3959-1
Rating: moderate
References:

* #1215824

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that has one fix can now be installed.

## Description:

This update for qca-qt5 ships it to the PackageHub for use by KDE programs.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3959=1 openSUSE-SLE-15.5-2023-3959=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3959=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libqca-qt5-2-debuginfo-2.3.5-150500.3.2.1
  * libqca-qt6-2-2.3.5-150500.3.2.1
  * qca-qt5-devel-debuginfo-2.3.5-150500.3.2.1
  * qca-qt6-plugins-2.3.5-150500.3.2.1
  * qca-qt5-plugins-debuginfo-2.3.5-150500.3.2.1
  * qca-qt6-debugsource-2.3.5-150500.3.2.1
  * qca-qt5-debugsource-2.3.5-150500.3.2.1
  * libqca-qt6-2-debuginfo-2.3.5-150500.3.2.1
  * qca-qt6-devel-debuginfo-2.3.5-150500.3.2.1
  * qca-qt5-2.3.5-150500.3.2.1
  * qca-qt5-plugins-2.3.5-150500.3.2.1
  * qca-qt5-debuginfo-2.3.5-150500.3.2.1
  * libqca-qt5-2-2.3.5-150500.3.2.1
  * qca-qt6-debuginfo-2.3.5-150500.3.2.1
  * qca-qt5-devel-2.3.5-150500.3.2.1
  * qca-qt6-2.3.5-150500.3.2.1
  * qca-qt6-devel-2.3.5-150500.3.2.1
  * qca-qt6-plugins-debuginfo-2.3.5-150500.3.2.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * qca-qt5-2.3.5-150500.3.2.1
  * libqca-qt5-2-2.3.5-150500.3.2.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215824

From sle-updates at lists.suse.com Wed Oct 4 08:32:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 08:32:05 -0000
Subject: SUSE-SU-2023:3958-1: moderate: Security update for openssl-1_1
Message-ID: <169640832563.2567.11590017490707087446@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:3958-1
Rating: moderate
References:

* #1213853

Cross-References:

* CVE-2023-3817

CVSS scores:

* CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3958=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3958=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3958=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.0i-150100.14.65.6 * libopenssl1_1-debuginfo-1.1.0i-150100.14.65.6 * openssl-1_1-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-1.1.0i-150100.14.65.6 * openssl-1_1-debugsource-1.1.0i-150100.14.65.6 * libopenssl1_1-1.1.0i-150100.14.65.6 * openssl-1_1-debuginfo-1.1.0i-150100.14.65.6 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.65.6 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.65.6 * libopenssl1_1-32bit-1.1.0i-150100.14.65.6 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.0i-150100.14.65.6 * libopenssl1_1-debuginfo-1.1.0i-150100.14.65.6 * openssl-1_1-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-1.1.0i-150100.14.65.6 * openssl-1_1-debugsource-1.1.0i-150100.14.65.6 * libopenssl1_1-1.1.0i-150100.14.65.6 * openssl-1_1-debuginfo-1.1.0i-150100.14.65.6 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.65.6 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.65.6 * libopenssl1_1-32bit-1.1.0i-150100.14.65.6 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.0i-150100.14.65.6 * libopenssl1_1-debuginfo-1.1.0i-150100.14.65.6 * openssl-1_1-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-1.1.0i-150100.14.65.6 * openssl-1_1-debugsource-1.1.0i-150100.14.65.6 * libopenssl1_1-1.1.0i-150100.14.65.6 * openssl-1_1-debuginfo-1.1.0i-150100.14.65.6 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.65.6 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.65.6 * libopenssl1_1-32bit-1.1.0i-150100.14.65.6 * SUSE CaaS Platform 4.0 
(x86_64) * libopenssl1_1-hmac-1.1.0i-150100.14.65.6 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.65.6 * libopenssl1_1-debuginfo-1.1.0i-150100.14.65.6 * openssl-1_1-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.65.6 * libopenssl-1_1-devel-1.1.0i-150100.14.65.6 * libopenssl1_1-32bit-1.1.0i-150100.14.65.6 * openssl-1_1-debugsource-1.1.0i-150100.14.65.6 * libopenssl1_1-1.1.0i-150100.14.65.6 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.65.6 * openssl-1_1-debuginfo-1.1.0i-150100.14.65.6 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 4 08:32:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 08:32:07 -0000 Subject: SUSE-SU-2023:3957-1: important: Security update for rubygem-puma Message-ID: <169640832777.2567.16333116557908162514@smelt2.prg2.suse.org> # Security update for rubygem-puma Announcement ID: SUSE-SU-2023:3957-1 Rating: important References: * #1214425 Cross-References: * CVE-2023-40175 CVSS scores: * CVE-2023-40175 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-40175 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux 
Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rubygem-puma fixes the following issues: * CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3957=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3957=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3957=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3957=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3957=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3957=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3957=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * rubygem-puma-debugsource-4.3.12-150000.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-doc-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * rubygem-puma-debugsource-4.3.12-150000.3.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * rubygem-puma-debugsource-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) 
* ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * rubygem-puma-debugsource-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.12.1 * rubygem-puma-debugsource-4.3.12-150000.3.12.1 * ruby2.5-rubygem-puma-4.3.12-150000.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40175.html * https://bugzilla.suse.com/show_bug.cgi?id=1214425 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 4 08:34:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 08:34:06 -0000 Subject: SUSE-RU-2023:3956-1: moderate: Recommended update for mariadb104 Message-ID: <169640844622.2567.11442389314275587447@smelt2.prg2.suse.org> # Recommended update for mariadb104 Announcement ID: SUSE-RU-2023:3956-1 Rating: moderate References: * #1001367 * #1005555 * #1005558 * #1005562 * #1005564 * #1005566 * #1005569 * #1005581 * #1005582 * #1006539 * #1008253 * #1012075 * #1013882 * #1019948 * #1020873 * #1020875 * #1020877 * #1020878 * #1020882 * #1020884 * #1020885 * #1020890 * #1020891 * #1020894 * #1020896 * #1020976 * #1022428 * #1038740 * #1039034 * #1041525 * #1041891 * #1042632 * #1043328 * #1047218 * #1055165 * #1055268 * #1058374 * #1058729 * #1060110 * #1062583 * #1067443 * #1068906 * #1069401 * #1080891 * #1083087 * #1088681 * #1092544 * #1098683 * #1101676 * #1101677 * #1101678 * #1103342 * #1111858 * #1111859 * #1112368 * #1112377 * #1112384 * #1112386 * #1112391 * #1112397 * #1112404 * #1112415 * #1112417 * #1112421 * #1112432 * #1112767 * #1116686 * #1118754 * #1120041 * #1122198 * #1122475 * #1127027 * #1132666 * #1136035 * #1142909 * #1143215 * #1144314 * #1156669 * #1160285 * #1160868 * #1160878 * #1160883 * #1160895 * #1160912 * #1166781 * #1168380 * #1170204 * #1173028 * #1173516 * #1174559 * 
#1175596 * #1177472 * #1178428 * #1180014 * #1182218 * #1182255 * #1182739 * #1183770 * #1185870 * #1185872 * #1186031 * #1189320 * #1192497 * #1195325 * #1195334 * #1195339 * #1196016 * #1197459 * #1198603 * #1198604 * #1198605 * #1198606 * #1198607 * #1198609 * #1198610 * #1198611 * #1198612 * #1198613 * #1198628 * #1198629 * #1198630 * #1198631 * #1198632 * #1198633 * #1198634 * #1198635 * #1198636 * #1198637 * #1198638 * #1198639 * #1198640 * #1199928 * #1200105 * #1201161 * #1201163 * #1201164 * #1201165 * #1201166 * #1201167 * #1201168 * #1201169 * #1201170 * #1202863 * #332530 * #353120 * #357634 * #359522 * #366820 * #371000 * #387746 * #420313 * #425079 * #427384 * #429618 * #435519 * #437293 * #463586 * #520876 * #525065 * #525325 * #539243 * #539249 * #557669 * #635645 * #747811 * #763150 * #779476 * #789263 * #792444 * #796164 * #829430 * #841709 * #859345 * #889126 * #894479 * #902396 * #914370 * #921955 * #934789 * #937754 * #937767 * #937787 * #942908 * #943096 * #957174 * #963810 * #971456 * #979524 * #983938 * #984858 * #986251 * #989913 * #989919 * #989922 * #989926 * #990890 * #998309 * PED-2455 * SLE-12253 * SLE-8269 Cross-References: * CVE-2006-0903 * CVE-2006-4226 * CVE-2006-4227 * CVE-2007-5969 * CVE-2007-5970 * CVE-2007-6303 * CVE-2007-6304 * CVE-2008-2079 * CVE-2008-7247 * CVE-2009-4019 * CVE-2009-4028 * CVE-2009-4030 * CVE-2012-4414 * CVE-2012-5611 * CVE-2012-5612 * CVE-2012-5615 * CVE-2012-5627 * CVE-2013-1976 * CVE-2015-4792 * CVE-2015-4802 * CVE-2015-4807 * CVE-2015-4815 * CVE-2015-4816 * CVE-2015-4819 * CVE-2015-4826 * CVE-2015-4830 * CVE-2015-4836 * CVE-2015-4858 * CVE-2015-4861 * CVE-2015-4864 * CVE-2015-4866 * CVE-2015-4870 * CVE-2015-4879 * CVE-2015-4895 * CVE-2015-4913 * CVE-2015-5969 * CVE-2015-7744 * CVE-2016-0505 * CVE-2016-0546 * CVE-2016-0596 * CVE-2016-0597 * CVE-2016-0598 * CVE-2016-0600 * CVE-2016-0606 * CVE-2016-0608 * CVE-2016-0609 * CVE-2016-0610 * CVE-2016-0616 * CVE-2016-0640 * CVE-2016-0641 * CVE-2016-0642 * 
CVE-2016-0644 * CVE-2016-0646 * CVE-2016-0649 * CVE-2016-0650 * CVE-2016-0651 * CVE-2016-0668 * CVE-2016-2047 * CVE-2016-3477 * CVE-2016-3492 * CVE-2016-3521 * CVE-2016-3615 * CVE-2016-5440 * CVE-2016-5584 * CVE-2016-5616 * CVE-2016-5624 * CVE-2016-5626 * CVE-2016-5629 * CVE-2016-6662 * CVE-2016-6663 * CVE-2016-6664 * CVE-2016-7440 * CVE-2016-8283 * CVE-2016-9843 * CVE-2017-10268 * CVE-2017-10286 * CVE-2017-10320 * CVE-2017-10365 * CVE-2017-10378 * CVE-2017-10379 * CVE-2017-10384 * CVE-2017-15365 * CVE-2017-3238 * CVE-2017-3243 * CVE-2017-3244 * CVE-2017-3257 * CVE-2017-3258 * CVE-2017-3265 * CVE-2017-3291 * CVE-2017-3302 * CVE-2017-3308 * CVE-2017-3309 * CVE-2017-3312 * CVE-2017-3313 * CVE-2017-3317 * CVE-2017-3318 * CVE-2017-3453 * CVE-2017-3456 * CVE-2017-3464 * CVE-2017-3636 * CVE-2017-3641 * CVE-2017-3653 * CVE-2018-25032 * CVE-2018-2562 * CVE-2018-2612 * CVE-2018-2622 * CVE-2018-2640 * CVE-2018-2665 * CVE-2018-2668 * CVE-2018-2755 * CVE-2018-2759 * CVE-2018-2761 * CVE-2018-2766 * CVE-2018-2767 * CVE-2018-2771 * CVE-2018-2777 * CVE-2018-2781 * CVE-2018-2782 * CVE-2018-2784 * CVE-2018-2786 * CVE-2018-2787 * CVE-2018-2810 * CVE-2018-2813 * CVE-2018-2817 * CVE-2018-2819 * CVE-2018-3058 * CVE-2018-3060 * CVE-2018-3063 * CVE-2018-3064 * CVE-2018-3066 * CVE-2018-3143 * CVE-2018-3156 * CVE-2018-3162 * CVE-2018-3173 * CVE-2018-3174 * CVE-2018-3185 * CVE-2018-3200 * CVE-2018-3251 * CVE-2018-3277 * CVE-2018-3282 * CVE-2018-3284 * CVE-2019-18901 * CVE-2019-2510 * CVE-2019-2537 * CVE-2019-2614 * CVE-2019-2627 * CVE-2019-2628 * CVE-2019-2737 * CVE-2019-2739 * CVE-2019-2740 * CVE-2019-2758 * CVE-2019-2805 * CVE-2019-2938 * CVE-2019-2974 * CVE-2020-13249 * CVE-2020-14765 * CVE-2020-14776 * CVE-2020-14789 * CVE-2020-14812 * CVE-2020-15180 * CVE-2020-2574 * CVE-2020-2752 * CVE-2020-2760 * CVE-2020-2812 * CVE-2020-2814 * CVE-2020-7221 * CVE-2021-2154 * CVE-2021-2166 * CVE-2021-2372 * CVE-2021-2389 * CVE-2021-27928 * CVE-2021-35604 * CVE-2021-46657 * CVE-2021-46658 * 
CVE-2021-46659 * CVE-2021-46661 * CVE-2021-46663 * CVE-2021-46664 * CVE-2021-46665 * CVE-2021-46668 * CVE-2021-46669 * CVE-2022-21427 * CVE-2022-21595 * CVE-2022-24048 * CVE-2022-24050 * CVE-2022-24051 * CVE-2022-24052 * CVE-2022-27376 * CVE-2022-27377 * CVE-2022-27378 * CVE-2022-27379 * CVE-2022-27380 * CVE-2022-27381 * CVE-2022-27382 * CVE-2022-27383 * CVE-2022-27384 * CVE-2022-27386 * CVE-2022-27387 * CVE-2022-27444 * CVE-2022-27445 * CVE-2022-27446 * CVE-2022-27447 * CVE-2022-27448 * CVE-2022-27449 * CVE-2022-27451 * CVE-2022-27452 * CVE-2022-27455 * CVE-2022-27456 * CVE-2022-27457 * CVE-2022-27458 * CVE-2022-32081 * CVE-2022-32083 * CVE-2022-32084 * CVE-2022-32085 * CVE-2022-32086 * CVE-2022-32087 * CVE-2022-32088 * CVE-2022-32089 * CVE-2022-32091 * CVE-2022-38791 * CVE-2022-47015 CVSS scores: * CVE-2015-7744 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2016-0640 ( NVD ): 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0641 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2016-0642 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0642 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2016-0644 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0646 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0649 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0650 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0651 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0651 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0668 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-0668 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-2047 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2016-3477 ( NVD ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2016-3492 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2016-3492 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-3521 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-3615 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5440 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5584 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2016-5584 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2016-5624 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5624 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5624 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5626 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5626 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-5629 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2016-6662 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6663 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-6664 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2016-7440 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2016-7440 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2016-8283 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2016-8283 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2016-9843 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2016-9843 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-10268 ( SUSE ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10268 ( NVD ): 4.1 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10268 ( NVD ): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10286 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10286 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10286 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10320 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10365 ( SUSE ): 3.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10365 ( NVD ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10365 ( NVD ): 3.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2017-10378 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10378 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10378 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10379 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10379 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10379 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-10384 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10384 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-10384 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-15365 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2017-15365 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2017-3238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3238 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3243 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3243 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3244 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2017-3244 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3257 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3257 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3258 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3265 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2017-3265 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2017-3291 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3291 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3302 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3308 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3308 ( NVD ): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3309 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3309 ( NVD ): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2017-3312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3312 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2017-3313 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-3313 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2017-3317 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2017-3317 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2017-3318 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3318 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3318 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2017-3453 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3453 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
* CVE-2017-3456 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3456 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3464 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3464 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3636 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3636 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3636 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2017-3641 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3641 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3641 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2017-3653 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3653 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2017-3653 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-25032 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-25032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2562 ( SUSE ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2562 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2562 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2612 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-2612 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-2622 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2622 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2622 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2640 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( SUSE ): 6.5 
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2665 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2668 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2755 ( SUSE ): 7.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2755 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2755 ( NVD ): 7.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2018-2759 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2759 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2761 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2766 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2766 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2767 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2767 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2771 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2771 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2771 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2777 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2777 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2781 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2782 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2782 ( NVD ): 
6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2784 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2784 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2786 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2786 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2787 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2787 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-2810 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2810 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2813 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2813 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2813 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-2817 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2817 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2817 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-2819 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3058 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3058 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3058 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2018-3060 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-3060 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2018-3063 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3063 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3063 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3064 ( SUSE ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3064 ( 
NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3064 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3066 ( SUSE ): 3.3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3066 ( NVD ): 3.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3066 ( NVD ): 3.3 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2018-3143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3143 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3156 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3156 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3162 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3162 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3173 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3173 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3174 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3174 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3174 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2018-3185 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3185 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2018-3200 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3200 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3251 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3277 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3277 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3282 
( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( SUSE ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2018-3284 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-18901 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2019-18901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2019-2510 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2510 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2510 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2537 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2614 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2627 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2628 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2737 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2737 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2739 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2739 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2740 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2740 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2019-2758 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2758 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2758 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2019-2805 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2805 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2805 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2938 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2938 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2974 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2019-2974 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-13249 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2020-13249 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-14765 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14765 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14776 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14776 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14789 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14789 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14812 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-14812 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15180 ( SUSE ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2020-15180 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2020-2574 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2574 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2752 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2760 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2020-2812 ( NVD ): 4.9 
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-2814 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2020-7221 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-2154 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2154 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2166 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2166 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2372 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2372 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2389 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-2389 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-27928 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-27928 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-35604 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2021-35604 ( NVD ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2021-46657 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46657 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46658 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46659 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-46659 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46663 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46663 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46664 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46665 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2021-46668 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-46669 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21427 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21595 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-21595 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-24048 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24050 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24051 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24052 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-27376 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27376 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27377 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27378 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27378 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27379 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27380 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27381 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27381 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27382 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27382 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27383 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27383 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27384 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27384 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27386 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27386 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27387 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-27387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27444 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27444 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27445 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27446 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27446 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27447 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27447 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27448 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27448 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27449 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27449 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27451 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27451 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27452 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27452 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27455 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27455 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27456 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27456 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27457 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27457 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27458 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2022-27458 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32081 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32081 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32083 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32085 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32086 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32086 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32087 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32087 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32088 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32088 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32089 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32089 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32091 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32091 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38791 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38791 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance 
Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves 221 vulnerabilities and contains three features can now be installed.

## Description:

This update for mariadb104 fixes the following issues:

* Implement version 10.4 of MariaDB (jsc#PED-2455):
  * It is possible to use more than one authentication plugin for each user account.
  * The root user account is created with the ability to use two authentication plugins.
  * All user accounts, passwords, and global privileges are now stored in the mysql.global_priv table.
  * User Password Expiry is now supported; it is not active by default.
  * Faster privilege checks for MariaDB setups with many user accounts or many database grants.
* Update mysql-systemd-helper to be aware of custom group (bsc#1200105)
* MariaDB now supports lz4 compression for 'INNODB'. (bsc#1186031)
* Add 'mysql-user.conf' file to enable systemd generating mysql user in containers. (bsc#1173028)
* Fix an issue where MariaDB ignored the value of the parameter 'open_files_limit' in the global variables. (bsc#1180014)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3956=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3956=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3956=1
* SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * mariadb104-test-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd19-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-tools-10.4.30-150100.3.5.10
  * mariadb104-bench-10.4.30-150100.3.5.10
  * libmariadbd19-10.4.30-150100.3.5.10
  * python3-mysqlclient-1.4.6-150100.3.3.7
  * python3-mysqlclient-debuginfo-1.4.6-150100.3.3.7
  * mariadb104-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-client-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd104-devel-10.4.30-150100.3.5.10
  * mariadb104-tools-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-10.4.30-150100.3.5.10
  * mariadb104-galera-10.4.30-150100.3.5.10
  * mariadb104-bench-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-debugsource-10.4.30-150100.3.5.10
  * mariadb104-rpm-macros-10.4.30-150100.3.5.10
  * mariadb104-test-10.4.30-150100.3.5.10
  * mariadb104-client-10.4.30-150100.3.5.10
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * mariadb104-errormessages-10.4.30-150100.3.5.10
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * mariadb104-test-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd19-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-tools-10.4.30-150100.3.5.10
  * mariadb104-bench-10.4.30-150100.3.5.10
  * libmariadbd19-10.4.30-150100.3.5.10
  * python3-mysqlclient-1.4.6-150100.3.3.7
  * python3-mysqlclient-debuginfo-1.4.6-150100.3.3.7
  * mariadb104-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-client-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd104-devel-10.4.30-150100.3.5.10
  * mariadb104-tools-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-10.4.30-150100.3.5.10
  * mariadb104-galera-10.4.30-150100.3.5.10
  * mariadb104-bench-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-debugsource-10.4.30-150100.3.5.10
  * mariadb104-rpm-macros-10.4.30-150100.3.5.10
  * mariadb104-test-10.4.30-150100.3.5.10
  * mariadb104-client-10.4.30-150100.3.5.10
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * mariadb104-errormessages-10.4.30-150100.3.5.10
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * mariadb104-test-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd19-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-tools-10.4.30-150100.3.5.10
  * mariadb104-bench-10.4.30-150100.3.5.10
  * libmariadbd19-10.4.30-150100.3.5.10
  * python3-mysqlclient-1.4.6-150100.3.3.7
  * python3-mysqlclient-debuginfo-1.4.6-150100.3.3.7
  * mariadb104-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-client-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd104-devel-10.4.30-150100.3.5.10
  * mariadb104-tools-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-10.4.30-150100.3.5.10
  * mariadb104-galera-10.4.30-150100.3.5.10
  * mariadb104-bench-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-debugsource-10.4.30-150100.3.5.10
  * mariadb104-rpm-macros-10.4.30-150100.3.5.10
  * mariadb104-test-10.4.30-150100.3.5.10
  * mariadb104-client-10.4.30-150100.3.5.10
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * mariadb104-errormessages-10.4.30-150100.3.5.10
* SUSE CaaS Platform 4.0 (x86_64)
  * mariadb104-test-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd19-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-tools-10.4.30-150100.3.5.10
  * mariadb104-bench-10.4.30-150100.3.5.10
  * libmariadbd19-10.4.30-150100.3.5.10
  * python3-mysqlclient-1.4.6-150100.3.3.7
  * python3-mysqlclient-debuginfo-1.4.6-150100.3.3.7
  * mariadb104-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-client-debuginfo-10.4.30-150100.3.5.10
  * libmariadbd104-devel-10.4.30-150100.3.5.10
  * mariadb104-tools-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-10.4.30-150100.3.5.10
  * mariadb104-galera-10.4.30-150100.3.5.10
  * mariadb104-bench-debuginfo-10.4.30-150100.3.5.10
  * mariadb104-debugsource-10.4.30-150100.3.5.10
  * mariadb104-rpm-macros-10.4.30-150100.3.5.10
  * mariadb104-test-10.4.30-150100.3.5.10
  * mariadb104-client-10.4.30-150100.3.5.10
* SUSE CaaS Platform 4.0 (noarch)
  * mariadb104-errormessages-10.4.30-150100.3.5.10

## References:

* 
https://www.suse.com/security/cve/CVE-2006-0903.html * https://www.suse.com/security/cve/CVE-2006-4226.html * https://www.suse.com/security/cve/CVE-2006-4227.html * https://www.suse.com/security/cve/CVE-2007-5969.html * https://www.suse.com/security/cve/CVE-2007-5970.html * https://www.suse.com/security/cve/CVE-2007-6303.html * https://www.suse.com/security/cve/CVE-2007-6304.html * https://www.suse.com/security/cve/CVE-2008-2079.html * https://www.suse.com/security/cve/CVE-2008-7247.html * https://www.suse.com/security/cve/CVE-2009-4019.html * https://www.suse.com/security/cve/CVE-2009-4028.html * https://www.suse.com/security/cve/CVE-2009-4030.html * https://www.suse.com/security/cve/CVE-2012-4414.html * https://www.suse.com/security/cve/CVE-2012-5611.html * https://www.suse.com/security/cve/CVE-2012-5612.html * https://www.suse.com/security/cve/CVE-2012-5615.html * https://www.suse.com/security/cve/CVE-2012-5627.html * https://www.suse.com/security/cve/CVE-2013-1976.html * https://www.suse.com/security/cve/CVE-2015-4792.html * https://www.suse.com/security/cve/CVE-2015-4802.html * https://www.suse.com/security/cve/CVE-2015-4807.html * https://www.suse.com/security/cve/CVE-2015-4815.html * https://www.suse.com/security/cve/CVE-2015-4816.html * https://www.suse.com/security/cve/CVE-2015-4819.html * https://www.suse.com/security/cve/CVE-2015-4826.html * https://www.suse.com/security/cve/CVE-2015-4830.html * https://www.suse.com/security/cve/CVE-2015-4836.html * https://www.suse.com/security/cve/CVE-2015-4858.html * https://www.suse.com/security/cve/CVE-2015-4861.html * https://www.suse.com/security/cve/CVE-2015-4864.html * https://www.suse.com/security/cve/CVE-2015-4866.html * https://www.suse.com/security/cve/CVE-2015-4870.html * https://www.suse.com/security/cve/CVE-2015-4879.html * https://www.suse.com/security/cve/CVE-2015-4895.html * https://www.suse.com/security/cve/CVE-2015-4913.html * https://www.suse.com/security/cve/CVE-2015-5969.html * 
https://www.suse.com/security/cve/CVE-2015-7744.html * https://www.suse.com/security/cve/CVE-2016-0505.html * https://www.suse.com/security/cve/CVE-2016-0546.html * https://www.suse.com/security/cve/CVE-2016-0596.html * https://www.suse.com/security/cve/CVE-2016-0597.html * https://www.suse.com/security/cve/CVE-2016-0598.html * https://www.suse.com/security/cve/CVE-2016-0600.html * https://www.suse.com/security/cve/CVE-2016-0606.html * https://www.suse.com/security/cve/CVE-2016-0608.html * https://www.suse.com/security/cve/CVE-2016-0609.html * https://www.suse.com/security/cve/CVE-2016-0610.html * https://www.suse.com/security/cve/CVE-2016-0616.html * https://www.suse.com/security/cve/CVE-2016-0640.html * https://www.suse.com/security/cve/CVE-2016-0641.html * https://www.suse.com/security/cve/CVE-2016-0642.html * https://www.suse.com/security/cve/CVE-2016-0644.html * https://www.suse.com/security/cve/CVE-2016-0646.html * https://www.suse.com/security/cve/CVE-2016-0649.html * https://www.suse.com/security/cve/CVE-2016-0650.html * https://www.suse.com/security/cve/CVE-2016-0651.html * https://www.suse.com/security/cve/CVE-2016-0668.html * https://www.suse.com/security/cve/CVE-2016-2047.html * https://www.suse.com/security/cve/CVE-2016-3477.html * https://www.suse.com/security/cve/CVE-2016-3492.html * https://www.suse.com/security/cve/CVE-2016-3521.html * https://www.suse.com/security/cve/CVE-2016-3615.html * https://www.suse.com/security/cve/CVE-2016-5440.html * https://www.suse.com/security/cve/CVE-2016-5584.html * https://www.suse.com/security/cve/CVE-2016-5616.html * https://www.suse.com/security/cve/CVE-2016-5624.html * https://www.suse.com/security/cve/CVE-2016-5626.html * https://www.suse.com/security/cve/CVE-2016-5629.html * https://www.suse.com/security/cve/CVE-2016-6662.html * https://www.suse.com/security/cve/CVE-2016-6663.html * https://www.suse.com/security/cve/CVE-2016-6664.html * https://www.suse.com/security/cve/CVE-2016-7440.html * 
https://www.suse.com/security/cve/CVE-2016-8283.html * https://www.suse.com/security/cve/CVE-2016-9843.html * https://www.suse.com/security/cve/CVE-2017-10268.html * https://www.suse.com/security/cve/CVE-2017-10286.html * https://www.suse.com/security/cve/CVE-2017-10320.html * https://www.suse.com/security/cve/CVE-2017-10365.html * https://www.suse.com/security/cve/CVE-2017-10378.html * https://www.suse.com/security/cve/CVE-2017-10379.html * https://www.suse.com/security/cve/CVE-2017-10384.html * https://www.suse.com/security/cve/CVE-2017-15365.html * https://www.suse.com/security/cve/CVE-2017-3238.html * https://www.suse.com/security/cve/CVE-2017-3243.html * https://www.suse.com/security/cve/CVE-2017-3244.html * https://www.suse.com/security/cve/CVE-2017-3257.html * https://www.suse.com/security/cve/CVE-2017-3258.html * https://www.suse.com/security/cve/CVE-2017-3265.html * https://www.suse.com/security/cve/CVE-2017-3291.html * https://www.suse.com/security/cve/CVE-2017-3302.html * https://www.suse.com/security/cve/CVE-2017-3308.html * https://www.suse.com/security/cve/CVE-2017-3309.html * https://www.suse.com/security/cve/CVE-2017-3312.html * https://www.suse.com/security/cve/CVE-2017-3313.html * https://www.suse.com/security/cve/CVE-2017-3317.html * https://www.suse.com/security/cve/CVE-2017-3318.html * https://www.suse.com/security/cve/CVE-2017-3453.html * https://www.suse.com/security/cve/CVE-2017-3456.html * https://www.suse.com/security/cve/CVE-2017-3464.html * https://www.suse.com/security/cve/CVE-2017-3636.html * https://www.suse.com/security/cve/CVE-2017-3641.html * https://www.suse.com/security/cve/CVE-2017-3653.html * https://www.suse.com/security/cve/CVE-2018-25032.html * https://www.suse.com/security/cve/CVE-2018-2562.html * https://www.suse.com/security/cve/CVE-2018-2612.html * https://www.suse.com/security/cve/CVE-2018-2622.html * https://www.suse.com/security/cve/CVE-2018-2640.html * https://www.suse.com/security/cve/CVE-2018-2665.html * 
https://www.suse.com/security/cve/CVE-2018-2668.html * https://www.suse.com/security/cve/CVE-2018-2755.html * https://www.suse.com/security/cve/CVE-2018-2759.html * https://www.suse.com/security/cve/CVE-2018-2761.html * https://www.suse.com/security/cve/CVE-2018-2766.html * https://www.suse.com/security/cve/CVE-2018-2767.html * https://www.suse.com/security/cve/CVE-2018-2771.html * https://www.suse.com/security/cve/CVE-2018-2777.html * https://www.suse.com/security/cve/CVE-2018-2781.html * https://www.suse.com/security/cve/CVE-2018-2782.html * https://www.suse.com/security/cve/CVE-2018-2784.html * https://www.suse.com/security/cve/CVE-2018-2786.html * https://www.suse.com/security/cve/CVE-2018-2787.html * https://www.suse.com/security/cve/CVE-2018-2810.html * https://www.suse.com/security/cve/CVE-2018-2813.html * https://www.suse.com/security/cve/CVE-2018-2817.html * https://www.suse.com/security/cve/CVE-2018-2819.html * https://www.suse.com/security/cve/CVE-2018-3058.html * https://www.suse.com/security/cve/CVE-2018-3060.html * https://www.suse.com/security/cve/CVE-2018-3063.html * https://www.suse.com/security/cve/CVE-2018-3064.html * https://www.suse.com/security/cve/CVE-2018-3066.html * https://www.suse.com/security/cve/CVE-2018-3143.html * https://www.suse.com/security/cve/CVE-2018-3156.html * https://www.suse.com/security/cve/CVE-2018-3162.html * https://www.suse.com/security/cve/CVE-2018-3173.html * https://www.suse.com/security/cve/CVE-2018-3174.html * https://www.suse.com/security/cve/CVE-2018-3185.html * https://www.suse.com/security/cve/CVE-2018-3200.html * https://www.suse.com/security/cve/CVE-2018-3251.html * https://www.suse.com/security/cve/CVE-2018-3277.html * https://www.suse.com/security/cve/CVE-2018-3282.html * https://www.suse.com/security/cve/CVE-2018-3284.html * https://www.suse.com/security/cve/CVE-2019-18901.html * https://www.suse.com/security/cve/CVE-2019-2510.html * https://www.suse.com/security/cve/CVE-2019-2537.html * 
https://www.suse.com/security/cve/CVE-2019-2614.html * https://www.suse.com/security/cve/CVE-2019-2627.html * https://www.suse.com/security/cve/CVE-2019-2628.html * https://www.suse.com/security/cve/CVE-2019-2737.html * https://www.suse.com/security/cve/CVE-2019-2739.html * https://www.suse.com/security/cve/CVE-2019-2740.html * https://www.suse.com/security/cve/CVE-2019-2758.html * https://www.suse.com/security/cve/CVE-2019-2805.html * https://www.suse.com/security/cve/CVE-2019-2938.html * https://www.suse.com/security/cve/CVE-2019-2974.html * https://www.suse.com/security/cve/CVE-2020-13249.html * https://www.suse.com/security/cve/CVE-2020-14765.html * https://www.suse.com/security/cve/CVE-2020-14776.html * https://www.suse.com/security/cve/CVE-2020-14789.html * https://www.suse.com/security/cve/CVE-2020-14812.html * https://www.suse.com/security/cve/CVE-2020-15180.html * https://www.suse.com/security/cve/CVE-2020-2574.html * https://www.suse.com/security/cve/CVE-2020-2752.html * https://www.suse.com/security/cve/CVE-2020-2760.html * https://www.suse.com/security/cve/CVE-2020-2812.html * https://www.suse.com/security/cve/CVE-2020-2814.html * https://www.suse.com/security/cve/CVE-2020-7221.html * https://www.suse.com/security/cve/CVE-2021-2154.html * https://www.suse.com/security/cve/CVE-2021-2166.html * https://www.suse.com/security/cve/CVE-2021-2372.html * https://www.suse.com/security/cve/CVE-2021-2389.html * https://www.suse.com/security/cve/CVE-2021-27928.html * https://www.suse.com/security/cve/CVE-2021-35604.html * https://www.suse.com/security/cve/CVE-2021-46657.html * https://www.suse.com/security/cve/CVE-2021-46658.html * https://www.suse.com/security/cve/CVE-2021-46659.html * https://www.suse.com/security/cve/CVE-2021-46661.html * https://www.suse.com/security/cve/CVE-2021-46663.html * https://www.suse.com/security/cve/CVE-2021-46664.html * https://www.suse.com/security/cve/CVE-2021-46665.html * https://www.suse.com/security/cve/CVE-2021-46668.html * 
https://www.suse.com/security/cve/CVE-2021-46669.html * https://www.suse.com/security/cve/CVE-2022-21427.html * https://www.suse.com/security/cve/CVE-2022-21595.html * https://www.suse.com/security/cve/CVE-2022-24048.html * https://www.suse.com/security/cve/CVE-2022-24050.html * https://www.suse.com/security/cve/CVE-2022-24051.html * https://www.suse.com/security/cve/CVE-2022-24052.html * https://www.suse.com/security/cve/CVE-2022-27376.html * https://www.suse.com/security/cve/CVE-2022-27377.html * https://www.suse.com/security/cve/CVE-2022-27378.html * https://www.suse.com/security/cve/CVE-2022-27379.html * https://www.suse.com/security/cve/CVE-2022-27380.html * https://www.suse.com/security/cve/CVE-2022-27381.html * https://www.suse.com/security/cve/CVE-2022-27382.html * https://www.suse.com/security/cve/CVE-2022-27383.html * https://www.suse.com/security/cve/CVE-2022-27384.html * https://www.suse.com/security/cve/CVE-2022-27386.html * https://www.suse.com/security/cve/CVE-2022-27387.html * https://www.suse.com/security/cve/CVE-2022-27444.html * https://www.suse.com/security/cve/CVE-2022-27445.html * https://www.suse.com/security/cve/CVE-2022-27446.html * https://www.suse.com/security/cve/CVE-2022-27447.html * https://www.suse.com/security/cve/CVE-2022-27448.html * https://www.suse.com/security/cve/CVE-2022-27449.html * https://www.suse.com/security/cve/CVE-2022-27451.html * https://www.suse.com/security/cve/CVE-2022-27452.html * https://www.suse.com/security/cve/CVE-2022-27455.html * https://www.suse.com/security/cve/CVE-2022-27456.html * https://www.suse.com/security/cve/CVE-2022-27457.html * https://www.suse.com/security/cve/CVE-2022-27458.html * https://www.suse.com/security/cve/CVE-2022-32081.html * https://www.suse.com/security/cve/CVE-2022-32083.html * https://www.suse.com/security/cve/CVE-2022-32084.html * https://www.suse.com/security/cve/CVE-2022-32085.html * https://www.suse.com/security/cve/CVE-2022-32086.html * 
https://www.suse.com/security/cve/CVE-2022-32087.html * https://www.suse.com/security/cve/CVE-2022-32088.html * https://www.suse.com/security/cve/CVE-2022-32089.html * https://www.suse.com/security/cve/CVE-2022-32091.html * https://www.suse.com/security/cve/CVE-2022-38791.html * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1001367 * https://bugzilla.suse.com/show_bug.cgi?id=1005555 * https://bugzilla.suse.com/show_bug.cgi?id=1005558 * https://bugzilla.suse.com/show_bug.cgi?id=1005562 * https://bugzilla.suse.com/show_bug.cgi?id=1005564 * https://bugzilla.suse.com/show_bug.cgi?id=1005566 * https://bugzilla.suse.com/show_bug.cgi?id=1005569 * https://bugzilla.suse.com/show_bug.cgi?id=1005581 * https://bugzilla.suse.com/show_bug.cgi?id=1005582 * https://bugzilla.suse.com/show_bug.cgi?id=1006539 * https://bugzilla.suse.com/show_bug.cgi?id=1008253 * https://bugzilla.suse.com/show_bug.cgi?id=1012075 * https://bugzilla.suse.com/show_bug.cgi?id=1013882 * https://bugzilla.suse.com/show_bug.cgi?id=1019948 * https://bugzilla.suse.com/show_bug.cgi?id=1020873 * https://bugzilla.suse.com/show_bug.cgi?id=1020875 * https://bugzilla.suse.com/show_bug.cgi?id=1020877 * https://bugzilla.suse.com/show_bug.cgi?id=1020878 * https://bugzilla.suse.com/show_bug.cgi?id=1020882 * https://bugzilla.suse.com/show_bug.cgi?id=1020884 * https://bugzilla.suse.com/show_bug.cgi?id=1020885 * https://bugzilla.suse.com/show_bug.cgi?id=1020890 * https://bugzilla.suse.com/show_bug.cgi?id=1020891 * https://bugzilla.suse.com/show_bug.cgi?id=1020894 * https://bugzilla.suse.com/show_bug.cgi?id=1020896 * https://bugzilla.suse.com/show_bug.cgi?id=1020976 * https://bugzilla.suse.com/show_bug.cgi?id=1022428 * https://bugzilla.suse.com/show_bug.cgi?id=1038740 * https://bugzilla.suse.com/show_bug.cgi?id=1039034 * https://bugzilla.suse.com/show_bug.cgi?id=1041525 * https://bugzilla.suse.com/show_bug.cgi?id=1041891 * https://bugzilla.suse.com/show_bug.cgi?id=1042632 * 
https://bugzilla.suse.com/show_bug.cgi?id=1043328 * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1055165 * https://bugzilla.suse.com/show_bug.cgi?id=1055268 * https://bugzilla.suse.com/show_bug.cgi?id=1058374 * https://bugzilla.suse.com/show_bug.cgi?id=1058729 * https://bugzilla.suse.com/show_bug.cgi?id=1060110 * https://bugzilla.suse.com/show_bug.cgi?id=1062583 * https://bugzilla.suse.com/show_bug.cgi?id=1067443 * https://bugzilla.suse.com/show_bug.cgi?id=1068906 * https://bugzilla.suse.com/show_bug.cgi?id=1069401 * https://bugzilla.suse.com/show_bug.cgi?id=1080891 * https://bugzilla.suse.com/show_bug.cgi?id=1083087 * https://bugzilla.suse.com/show_bug.cgi?id=1088681 * https://bugzilla.suse.com/show_bug.cgi?id=1092544 * https://bugzilla.suse.com/show_bug.cgi?id=1098683 * https://bugzilla.suse.com/show_bug.cgi?id=1101676 * https://bugzilla.suse.com/show_bug.cgi?id=1101677 * https://bugzilla.suse.com/show_bug.cgi?id=1101678 * https://bugzilla.suse.com/show_bug.cgi?id=1103342 * https://bugzilla.suse.com/show_bug.cgi?id=1111858 * https://bugzilla.suse.com/show_bug.cgi?id=1111859 * https://bugzilla.suse.com/show_bug.cgi?id=1112368 * https://bugzilla.suse.com/show_bug.cgi?id=1112377 * https://bugzilla.suse.com/show_bug.cgi?id=1112384 * https://bugzilla.suse.com/show_bug.cgi?id=1112386 * https://bugzilla.suse.com/show_bug.cgi?id=1112391 * https://bugzilla.suse.com/show_bug.cgi?id=1112397 * https://bugzilla.suse.com/show_bug.cgi?id=1112404 * https://bugzilla.suse.com/show_bug.cgi?id=1112415 * https://bugzilla.suse.com/show_bug.cgi?id=1112417 * https://bugzilla.suse.com/show_bug.cgi?id=1112421 * https://bugzilla.suse.com/show_bug.cgi?id=1112432 * https://bugzilla.suse.com/show_bug.cgi?id=1112767 * https://bugzilla.suse.com/show_bug.cgi?id=1116686 * https://bugzilla.suse.com/show_bug.cgi?id=1118754 * https://bugzilla.suse.com/show_bug.cgi?id=1120041 * https://bugzilla.suse.com/show_bug.cgi?id=1122198 * 
https://bugzilla.suse.com/show_bug.cgi?id=1122475 * https://bugzilla.suse.com/show_bug.cgi?id=1127027 * https://bugzilla.suse.com/show_bug.cgi?id=1132666 * https://bugzilla.suse.com/show_bug.cgi?id=1136035 * https://bugzilla.suse.com/show_bug.cgi?id=1142909 * https://bugzilla.suse.com/show_bug.cgi?id=1143215 * https://bugzilla.suse.com/show_bug.cgi?id=1144314 * https://bugzilla.suse.com/show_bug.cgi?id=1156669 * https://bugzilla.suse.com/show_bug.cgi?id=1160285 * https://bugzilla.suse.com/show_bug.cgi?id=1160868 * https://bugzilla.suse.com/show_bug.cgi?id=1160878 * https://bugzilla.suse.com/show_bug.cgi?id=1160883 * https://bugzilla.suse.com/show_bug.cgi?id=1160895 * https://bugzilla.suse.com/show_bug.cgi?id=1160912 * https://bugzilla.suse.com/show_bug.cgi?id=1166781 * https://bugzilla.suse.com/show_bug.cgi?id=1168380 * https://bugzilla.suse.com/show_bug.cgi?id=1170204 * https://bugzilla.suse.com/show_bug.cgi?id=1173028 * https://bugzilla.suse.com/show_bug.cgi?id=1173516 * https://bugzilla.suse.com/show_bug.cgi?id=1174559 * https://bugzilla.suse.com/show_bug.cgi?id=1175596 * https://bugzilla.suse.com/show_bug.cgi?id=1177472 * https://bugzilla.suse.com/show_bug.cgi?id=1178428 * https://bugzilla.suse.com/show_bug.cgi?id=1180014 * https://bugzilla.suse.com/show_bug.cgi?id=1182218 * https://bugzilla.suse.com/show_bug.cgi?id=1182255 * https://bugzilla.suse.com/show_bug.cgi?id=1182739 * https://bugzilla.suse.com/show_bug.cgi?id=1183770 * https://bugzilla.suse.com/show_bug.cgi?id=1185870 * https://bugzilla.suse.com/show_bug.cgi?id=1185872 * https://bugzilla.suse.com/show_bug.cgi?id=1186031 * https://bugzilla.suse.com/show_bug.cgi?id=1189320 * https://bugzilla.suse.com/show_bug.cgi?id=1192497 * https://bugzilla.suse.com/show_bug.cgi?id=1195325 * https://bugzilla.suse.com/show_bug.cgi?id=1195334 * https://bugzilla.suse.com/show_bug.cgi?id=1195339 * https://bugzilla.suse.com/show_bug.cgi?id=1196016 * https://bugzilla.suse.com/show_bug.cgi?id=1197459 * 
https://bugzilla.suse.com/show_bug.cgi?id=1198603 * https://bugzilla.suse.com/show_bug.cgi?id=1198604 * https://bugzilla.suse.com/show_bug.cgi?id=1198605 * https://bugzilla.suse.com/show_bug.cgi?id=1198606 * https://bugzilla.suse.com/show_bug.cgi?id=1198607 * https://bugzilla.suse.com/show_bug.cgi?id=1198609 * https://bugzilla.suse.com/show_bug.cgi?id=1198610 * https://bugzilla.suse.com/show_bug.cgi?id=1198611 * https://bugzilla.suse.com/show_bug.cgi?id=1198612 * https://bugzilla.suse.com/show_bug.cgi?id=1198613 * https://bugzilla.suse.com/show_bug.cgi?id=1198628 * https://bugzilla.suse.com/show_bug.cgi?id=1198629 * https://bugzilla.suse.com/show_bug.cgi?id=1198630 * https://bugzilla.suse.com/show_bug.cgi?id=1198631 * https://bugzilla.suse.com/show_bug.cgi?id=1198632 * https://bugzilla.suse.com/show_bug.cgi?id=1198633 * https://bugzilla.suse.com/show_bug.cgi?id=1198634 * https://bugzilla.suse.com/show_bug.cgi?id=1198635 * https://bugzilla.suse.com/show_bug.cgi?id=1198636 * https://bugzilla.suse.com/show_bug.cgi?id=1198637 * https://bugzilla.suse.com/show_bug.cgi?id=1198638 * https://bugzilla.suse.com/show_bug.cgi?id=1198639 * https://bugzilla.suse.com/show_bug.cgi?id=1198640 * https://bugzilla.suse.com/show_bug.cgi?id=1199928 * https://bugzilla.suse.com/show_bug.cgi?id=1200105 * https://bugzilla.suse.com/show_bug.cgi?id=1201161 * https://bugzilla.suse.com/show_bug.cgi?id=1201163 * https://bugzilla.suse.com/show_bug.cgi?id=1201164 * https://bugzilla.suse.com/show_bug.cgi?id=1201165 * https://bugzilla.suse.com/show_bug.cgi?id=1201166 * https://bugzilla.suse.com/show_bug.cgi?id=1201167 * https://bugzilla.suse.com/show_bug.cgi?id=1201168 * https://bugzilla.suse.com/show_bug.cgi?id=1201169 * https://bugzilla.suse.com/show_bug.cgi?id=1201170 * https://bugzilla.suse.com/show_bug.cgi?id=1202863 * https://bugzilla.suse.com/show_bug.cgi?id=332530 * https://bugzilla.suse.com/show_bug.cgi?id=353120 * https://bugzilla.suse.com/show_bug.cgi?id=357634 * 
https://bugzilla.suse.com/show_bug.cgi?id=359522 * https://bugzilla.suse.com/show_bug.cgi?id=366820 * https://bugzilla.suse.com/show_bug.cgi?id=371000 * https://bugzilla.suse.com/show_bug.cgi?id=387746 * https://bugzilla.suse.com/show_bug.cgi?id=420313 * https://bugzilla.suse.com/show_bug.cgi?id=425079 * https://bugzilla.suse.com/show_bug.cgi?id=427384 * https://bugzilla.suse.com/show_bug.cgi?id=429618 * https://bugzilla.suse.com/show_bug.cgi?id=435519 * https://bugzilla.suse.com/show_bug.cgi?id=437293 * https://bugzilla.suse.com/show_bug.cgi?id=463586 * https://bugzilla.suse.com/show_bug.cgi?id=520876 * https://bugzilla.suse.com/show_bug.cgi?id=525065 * https://bugzilla.suse.com/show_bug.cgi?id=525325 * https://bugzilla.suse.com/show_bug.cgi?id=539243 * https://bugzilla.suse.com/show_bug.cgi?id=539249 * https://bugzilla.suse.com/show_bug.cgi?id=557669 * https://bugzilla.suse.com/show_bug.cgi?id=635645 * https://bugzilla.suse.com/show_bug.cgi?id=747811 * https://bugzilla.suse.com/show_bug.cgi?id=763150 * https://bugzilla.suse.com/show_bug.cgi?id=779476 * https://bugzilla.suse.com/show_bug.cgi?id=789263 * https://bugzilla.suse.com/show_bug.cgi?id=792444 * https://bugzilla.suse.com/show_bug.cgi?id=796164 * https://bugzilla.suse.com/show_bug.cgi?id=829430 * https://bugzilla.suse.com/show_bug.cgi?id=841709 * https://bugzilla.suse.com/show_bug.cgi?id=859345 * https://bugzilla.suse.com/show_bug.cgi?id=889126 * https://bugzilla.suse.com/show_bug.cgi?id=894479 * https://bugzilla.suse.com/show_bug.cgi?id=902396 * https://bugzilla.suse.com/show_bug.cgi?id=914370 * https://bugzilla.suse.com/show_bug.cgi?id=921955 * https://bugzilla.suse.com/show_bug.cgi?id=934789 * https://bugzilla.suse.com/show_bug.cgi?id=937754 * https://bugzilla.suse.com/show_bug.cgi?id=937767 * https://bugzilla.suse.com/show_bug.cgi?id=937787 * https://bugzilla.suse.com/show_bug.cgi?id=942908 * https://bugzilla.suse.com/show_bug.cgi?id=943096 * https://bugzilla.suse.com/show_bug.cgi?id=957174 * 
https://bugzilla.suse.com/show_bug.cgi?id=963810
* https://bugzilla.suse.com/show_bug.cgi?id=971456
* https://bugzilla.suse.com/show_bug.cgi?id=979524
* https://bugzilla.suse.com/show_bug.cgi?id=983938
* https://bugzilla.suse.com/show_bug.cgi?id=984858
* https://bugzilla.suse.com/show_bug.cgi?id=986251
* https://bugzilla.suse.com/show_bug.cgi?id=989913
* https://bugzilla.suse.com/show_bug.cgi?id=989919
* https://bugzilla.suse.com/show_bug.cgi?id=989922
* https://bugzilla.suse.com/show_bug.cgi?id=989926
* https://bugzilla.suse.com/show_bug.cgi?id=990890
* https://bugzilla.suse.com/show_bug.cgi?id=998309
* https://jira.suse.com/browse/PED-2455
* https://jira.suse.com/browse/SLE-12253
* https://jira.suse.com/browse/SLE-8269

From sle-updates at lists.suse.com Wed Oct 4 12:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 12:30:02 -0000
Subject: SUSE-SU-2023:3968-1: moderate: Security update for libraw
Message-ID: <169642260247.18575.2965497879661072034@smelt2.prg2.suse.org>

# Security update for libraw

Announcement ID: SUSE-SU-2023:3968-1
Rating: moderate
References:
* #1215308

Cross-References:
* CVE-2020-22628

CVSS scores:
* CVE-2020-22628 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22628 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-3968=1 openSUSE-SLE-15.4-2023-3968=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3968=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3968=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3968=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3968=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3968=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3968=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libraw-tools-0.20.2-150400.3.9.1
  * libraw-tools-debuginfo-0.20.2-150400.3.9.1
  * libraw20-debuginfo-0.20.2-150400.3.9.1
  * libraw-devel-0.20.2-150400.3.9.1
  * libraw-devel-static-0.20.2-150400.3.9.1
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw20-0.20.2-150400.3.9.1
* openSUSE Leap 15.4 (x86_64)
  * libraw20-32bit-debuginfo-0.20.2-150400.3.9.1
  * libraw20-32bit-0.20.2-150400.3.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libraw20-64bit-debuginfo-0.20.2-150400.3.9.1
  * libraw20-64bit-0.20.2-150400.3.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libraw-tools-0.20.2-150400.3.9.1
  * libraw-tools-debuginfo-0.20.2-150400.3.9.1
  * libraw20-debuginfo-0.20.2-150400.3.9.1
  * libraw-devel-static-0.20.2-150400.3.9.1
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw-devel-0.20.2-150400.3.9.1
  * libraw20-0.20.2-150400.3.9.1
* openSUSE Leap 15.5 (x86_64)
  * libraw20-32bit-debuginfo-0.20.2-150400.3.9.1
  * libraw20-32bit-0.20.2-150400.3.9.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw20-debuginfo-0.20.2-150400.3.9.1
  * libraw20-0.20.2-150400.3.9.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw20-debuginfo-0.20.2-150400.3.9.1
  * libraw20-0.20.2-150400.3.9.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * libraw-tools-0.20.2-150400.3.9.1
  * libraw-tools-debuginfo-0.20.2-150400.3.9.1
  * libraw-devel-static-0.20.2-150400.3.9.1
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw-devel-0.20.2-150400.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw-devel-0.20.2-150400.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * libraw-debugsource-0.20.2-150400.3.9.1
  * libraw-devel-0.20.2-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2020-22628.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215308

From sle-updates at lists.suse.com Wed Oct 4 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 12:30:04 -0000
Subject: SUSE-SU-2023:3967-1: moderate: Security update for libraw
Message-ID: <169642260486.18575.17256908013236261740@smelt2.prg2.suse.org>

# Security update for libraw

Announcement ID: SUSE-SU-2023:3967-1
Rating: moderate
References:
* #1215308

Cross-References:
* CVE-2020-22628

CVSS scores:
* CVE-2020-22628 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22628 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3967=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3967=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libraw9-0.15.4-42.1
  * libraw9-debuginfo-0.15.4-42.1
  * libraw-debugsource-0.15.4-42.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libraw9-0.15.4-42.1
  * libraw9-debuginfo-0.15.4-42.1
  * libraw-devel-static-0.15.4-42.1
  * libraw-devel-0.15.4-42.1
  * libraw-debugsource-0.15.4-42.1

## References:

* https://www.suse.com/security/cve/CVE-2020-22628.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215308

From sle-updates at lists.suse.com Wed Oct 4 12:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 04 Oct 2023 12:30:07 -0000
Subject: SUSE-SU-2023:3966-1: moderate: Security update for libraw
Message-ID: <169642260776.18575.4431607192410087546@smelt2.prg2.suse.org>

# Security update for libraw

Announcement ID: SUSE-SU-2023:3966-1
Rating: moderate
References:
* #1215308

Cross-References:
* CVE-2020-22628

CVSS scores:
* CVE-2020-22628 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22628 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves one vulnerability can now be installed.

## Description: This update for libraw fixes the following issues: * CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3966=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3966=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3966=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libraw16-0.18.9-150000.3.23.1 * libraw16-debuginfo-0.18.9-150000.3.23.1 * libraw-debuginfo-0.18.9-150000.3.23.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libraw16-0.18.9-150000.3.23.1 * libraw16-debuginfo-0.18.9-150000.3.23.1 * libraw-debuginfo-0.18.9-150000.3.23.1 * libraw-debugsource-0.18.9-150000.3.23.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libraw16-0.18.9-150000.3.23.1 * libraw16-debuginfo-0.18.9-150000.3.23.1 * libraw-debuginfo-0.18.9-150000.3.23.1 * libraw-debugsource-0.18.9-150000.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2020-22628.html * https://bugzilla.suse.com/show_bug.cgi?id=1215308 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Oct 4 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 12:30:12 -0000 Subject: SUSE-SU-2023:3291-2: moderate: Security update for openssl-1_1 Message-ID: <169642261233.18575.3383168183624951256@smelt2.prg2.suse.org> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3291-2 Rating: moderate References: * #1213517 * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3291=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3291=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3291=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3291=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3291=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3291=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * 
libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.75.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * 
openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server 
15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213517 * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 4 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 16:30:01 -0000 Subject: SUSE-SU-2023:3972-1: important: Security update for python-reportlab Message-ID: <169643700192.1900.7882164172009722381@smelt2.prg2.suse.org> # Security update for python-reportlab Announcement ID: SUSE-SU-2023:3972-1 Rating: important References: * #1215560 Cross-References: * CVE-2019-19450 CVSS scores: * CVE-2019-19450 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2019-19450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-reportlab fixes the following issues: * CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3972=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3972=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3972=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3972=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-reportlab-debuginfo-3.4.0-150000.3.12.1 * python-reportlab-debugsource-3.4.0-150000.3.12.1 * python3-reportlab-3.4.0-150000.3.12.1 * python-reportlab-debuginfo-3.4.0-150000.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-reportlab-debuginfo-3.4.0-150000.3.12.1 * python3-reportlab-3.4.0-150000.3.12.1 * python-reportlab-debugsource-3.4.0-150000.3.12.1 * python-reportlab-debuginfo-3.4.0-150000.3.12.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-reportlab-debuginfo-3.4.0-150000.3.12.1 * python-reportlab-debugsource-3.4.0-150000.3.12.1 * python3-reportlab-3.4.0-150000.3.12.1 * python-reportlab-debuginfo-3.4.0-150000.3.12.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-reportlab-debuginfo-3.4.0-150000.3.12.1 * python-reportlab-debugsource-3.4.0-150000.3.12.1 * 
python3-reportlab-3.4.0-150000.3.12.1 * python-reportlab-debuginfo-3.4.0-150000.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2019-19450.html * https://bugzilla.suse.com/show_bug.cgi?id=1215560 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 4 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 16:30:31 -0000 Subject: SUSE-SU-2023:3971-1: important: Security update for the Linux Kernel Message-ID: <169643703162.1900.11737719960679110562@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3971-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1203329 * #1203330 * #1205462 * #1206453 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1211220 * #1212091 * #1212142 * #1212423 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213733 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213949 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214073 * #1214120 * #1214149 * #1214180 * #1214233 * #1214238 * #1214285 * #1214297 * #1214299 * #1214305 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214404 * #1214428 * #1214451 * #1214635 * #1214659 * #1214661 * #1214727 * #1214729 * #1214742 * #1214743 * #1214756 * #1214976 * #1215522 * #1215523 * #1215552 * #1215553 * PED-3924 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2022-38457 * CVE-2022-40133 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-40283 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4563 * 
CVE-2023-4569 CVSS scores: * CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 20 vulnerabilities, contains eight features and has 58 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). * CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). 
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that could be exploited to achieve local privilege escalation (bsc#1213580). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use-after-free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: * ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). * ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). * ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). * ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). * ALSA: ac97: Fix possible error value of *rac97 (git-fixes). * ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). * ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). * ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). * ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). * ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). * ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). * ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). * ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). * ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). * ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). * ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). * ARM: dts: imx6sll: fixup of operating points (git-fixes). * ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). * ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). * ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). * ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). * ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). * ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). * ASoC: tegra: Fix SFC conversion for few rates (git-fixes). * Bluetooth: Fix potential use-after-free when clear keys (git-fixes). * Bluetooth: L2CAP: Fix use-after-free (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). * Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). * Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). * Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). * CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b * CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 * Created new preempt kernel flavor. Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. * Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). * Documentation: devices.txt: Remove ttyIOC* (git-fixes). * Documentation: devices.txt: Remove ttySIOC* (git-fixes). * Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). * Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). * Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). * Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). * Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). * Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). * Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). * Drop amdgpu patch causing spamming (bsc#1215523) * Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) * Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) * Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) * HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). * HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). * HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). * HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). * HID: wacom: remove the battery when the EKR is off (git-fixes). * HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). * IB/hfi1: Fix possible panic during hotplug remove (git-fixes) * IB/uverbs: Fix an potential error pointer dereference (git-fixes) * Input: exc3000 - properly stop timer on shutdown (git-fixes). * KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). * Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). * Kbuild: move to -std=gnu11 (bsc#1214756). * PCI/ASPM: Avoid link retraining race (git-fixes). * PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). * PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). * PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). * PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). * PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). * PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). * PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). 
* PCI: meson: Remove cast between incompatible function type (git-fixes). * PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). * PCI: microchip: Remove cast between incompatible function type (git-fixes). * PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). * PCI: rockchip: Remove writes to unused registers (git-fixes). * PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). * PCI: tegra194: Fix possible array out of bounds access (git-fixes). * PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). * RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) * RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) * RDMA/efa: Fix wrong resources deallocation order (git-fixes) * RDMA/hns: Fix CQ and QP cache affinity (git-fixes) * RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) * RDMA/hns: Fix port active speed (git-fixes) * RDMA/irdma: Prevent zero-length STAG registration (git-fixes) * RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) * RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) * RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) * RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) * RDMA/siw: Correct wrong debug message (git-fixes) * RDMA/umem: Set iova in ODP flow (git-fixes) * README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. * Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) * Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). * SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). * Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). * amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). * arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). * arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). * audit: fix possible soft lockup in __audit_inode_child() (git-fixes). * backlight/bd6107: Compare against struct fb_info.device (git-fixes). * backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). * backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). * batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). * batman-adv: Do not increase MTU when set by user (git-fixes). * batman-adv: Fix TT global entry leak when client roamed back (git-fixes). * batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). * batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). * batman-adv: Trigger events for auto adjusted MTU (git-fixes). * bnx2x: fix page fault following EEH recovery (bsc#1214299). * bpf: Disable preemption in bpf_event_output (git-fixes). * bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). * bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). * bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). * bus: ti-sysc: Fix cast to enum warning (git-fixes). * bus: ti-sysc: Flush posted write on enable before reset (git-fixes). * can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). * ceph: defer stopping mdsc delayed_work (bsc#1214392). * ceph: do not check for quotas on MDS stray dirs (bsc#1214238). * ceph: never send metrics if disable_send_metrics is set (bsc#1214180). * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. * cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). 
* cifs: allow dumping keys for directories too (bsc#1193629). * cifs: fix mid leak during reconnection after timeout threshold (git-fixes). * cifs: if deferred close is disabled then close files immediately (git-fixes). * cifs: is_network_name_deleted should return a bool (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). * clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). * clk: imx8mp: fix sai4 clock (git-fixes). * clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). * clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). * clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). * clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). * clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). * clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). * clk: sunxi-ng: Modify mismatched function name (git-fixes). * clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). * clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). * clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). * clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). * clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). * clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). * cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
* cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
* cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
* define more Hyper-V related constants (bsc#1206453).
* dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: Fix docs syntax (git-fixes).
* dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
* dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
* docs/process/howto: Replace C89 with C11 (bsc#1214756).
* docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: Fix hex printing of signed values (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
* drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes).
* drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
* drm/amd/display: Ensure that planes are in the same order (git-fixes).
* drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
* drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
* drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
* drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
* drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
* drm/amd/display: disable RCO for DCN314 (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
* drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/display: trigger timing sync only if TG is running (git-fixes).
* drm/amd/pm/smu7: move variables to where they are used (git-fixes).
* drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
* drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
* drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
* drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
* drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/amdgpu: add S/G display parameter (git-fixes).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
* drm/amdgpu: fix memory leak in mes self test (git-fixes).
* drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
* drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
* drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: Fix DRAM init on AST2200 (git-fixes).
* drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
* drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
* drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
* drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active MMU context (git-fixes).
* drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
* drm/i915/sdvo: fix panel_type initialization (git-fixes).
* drm/i915: Fix premature release of request's reusable memory (git-fixes).
* drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
* drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
* drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
* drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
* drm/msm/mdp5: Do not leak some plane state (git-fixes).
* drm/msm: Update dev core dump to not print backwards (git-fixes).
* drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
* drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
* drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
* drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
* drm/qxl: fix UAF on handle creation (git-fixes).
* drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
* drm/rockchip: Do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/stm: ltdc: fix late dereference check (git-fixes).
* drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
* drm/vmwgfx: Fix shader stage validation (git-fixes).
* drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
* drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
* drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: switch to napi_build_skb() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* exfat: fix unexpected EOF while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
* fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: Improve performance of sys_imageblit() (git-fixes).
* fbdev: Update fbdev source file paths (git-fixes).
* fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: Fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
* firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
* fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
* fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
* fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
* ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
* hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
* hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
* hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: Delete error messages for failed memory allocations (git-fixes).
* i2c: Improve size determinations (git-fixes).
* i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: Correct length byte validation logic (git-fixes).
* i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
* i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
* i2c: nomadik: Remove a useless call in the remove function (git-fixes).
* i2c: nomadik: Remove unnecessary goto label (git-fixes).
* i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
* i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for FDIR filters (git-fixes).
* ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
* ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
* iio: adc: stx104: Implement and utilize register structures (git-fixes).
* iio: adc: stx104: Utilize iomap interface (git-fixes).
* iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove unused macros (jsc#PED-5738).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
* iommu/amd: Fix compile warning in init code (git-fixes).
* iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
* iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: Fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
* iommu/iova: Fix module config properly (git-fixes).
* iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
* iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
* iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
* iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
* iommu/mediatek: Use component_match_add (git-fixes).
* iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/s390: Fix duplicate domain attachments (git-fixes).
* iommu/sun50i: Consider all fault sources for reset (git-fixes).
* iommu/sun50i: Fix R/W permission check (git-fixes).
* iommu/sun50i: Fix flush size (git-fixes).
* iommu/sun50i: Fix reset release (git-fixes).
* iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
* iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
* iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
* iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
* ipmi:ssif: Add check for kstrdup (git-fixes).
* ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* kabi: Allow extra bugsints (bsc#1213927).
* kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
* leds: multicolor: Use rounded division when calculating color components (git-fixes).
* leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
* libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
* libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: Fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: Remove redundant if statement (git-fixes).
* media: i2c: ccs: Check rules is non-NULL (git-fixes).
* media: i2c: rdacm21: Fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: Fix ov2680_bayer_order() (git-fixes).
* media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
* media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
* media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for H.264 (git-fixes).
* media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
* media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
* misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
* mmc: block: Fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
* mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
* n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
* net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
* net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
* net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: Fix SRSO mess (git-fixes).
* objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
* objtool: Union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported.
* pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* pinctrl: amd: Mask wake bits on probe again (git-fixes).
* pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: Fix reference leak (git-fixes).
* powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
* powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
* powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
* powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
* powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
* powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
* powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* pstore/ram: Check start of empty przs during init (git-fixes).
* pwm: Add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
* pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
* qed: Fix scheduling in a tasklet while getting stats (git-fixes).
* regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
* ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
* rpm/mkspec-dtb: support for nested subdirs
* rpmsg: glink: Add check for kstrdup (git-fixes).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
* sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: RDMA/srp: Fix residual handling (git-fixes)
* scsi: bsg: Increase number of devices (bsc#1210048).
* scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: sg: Increase number of devices (bsc#1210048).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Always set no_report_opcodes (git-fixes).
* scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
* scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
* scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
* scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
* selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* selftests/futex: Order calls to futex_lock_pi (git-fixes).
* selftests/harness: Actually report SKIP for signal tests (git-fixes).
* selftests/resctrl: Close perf value read fd on errors (git-fixes).
* selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
* selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
* selftests: forwarding: Switch off timeout (git-fixes).
* selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
* selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
* selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
* selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
* serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
* serial: sprd: Fix DMA buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
* smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
* target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
* tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
* tracing/probes: Fix not to count error code to total length (git-fixes).
* tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
* tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
* tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
* tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: Fix warning in trace_buffered_event_disable() (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). * tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). * ubifs: Fix memleak when insert_old_idx() failed (git-fixes). * usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). * usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). * usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). * usb: dwc3: Fix typos in gadget.c (git-fixes). * usb: dwc3: Properly handle processing of pending events (git-fixes). * usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). * usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). * usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). * usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). * usb: quirks: add quirk for Focusrite Scarlett (git-fixes). * usb: serial: option: add Quectel EC200A module support (git-fixes). * usb: serial: option: support Quectel EM060K_128 (git-fixes). * usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). 
* usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). * watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). * wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). * wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: Fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). * wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). * wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). * wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). * wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). * wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). * x86/alternative: Make custom return thunk unconditional (git-fixes). * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). 
* x86/cpu: Clean up SRSO return thunk mess (git-fixes). * x86/cpu: Cleanup the untrain mess (git-fixes). * x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: Rename original retbleed methods (git-fixes). * x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). * x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). * x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). * x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). * x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). * x86/hyperv: Reorder code to facilitate future work (bsc#1206453). * x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). * x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). * x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). * x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). * x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). * x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/speculation: Add cpu_show_gds() prototype (git-fixes). * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). * x86/srso: Disable the mitigation on unaffected configurations (git-fixes). * x86/srso: Explain the untraining sequences a bit more (git-fixes). * x86/srso: Fix build breakage with the LLVM linker (git-fixes). * x86/srso: Fix return thunks in generated code (git-fixes). * x86/static_call: Fix __static_call_fixup() (git-fixes). 
* x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). * x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). * x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). * x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). * x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). * xfs: fix sb write verify for lazysbcount (bsc#1214661). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3971=1 openSUSE-SLE-15.5-2023-3971=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3971=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3971=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3971=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3971=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3971=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. 
* SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3971=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3971=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.28.1 * kernel-source-5.14.21-150500.55.28.1 * kernel-source-vanilla-5.14.21-150500.55.28.1 * kernel-devel-5.14.21-150500.55.28.1 * kernel-docs-html-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-devel-5.14.21-150500.55.28.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.28.1 * kernel-debug-debugsource-5.14.21-150500.55.28.1 * kernel-debug-debuginfo-5.14.21-150500.55.28.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-5.14.21-150500.55.28.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.28.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.28.1 * kernel-debug-vdso-5.14.21-150500.55.28.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.28.1 * kernel-default-vdso-debuginfo-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.28.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.28.1 * kernel-kvmsmall-devel-5.14.21-150500.55.28.1 * kernel-default-base-rebuild-5.14.21-150500.55.28.1.150500.6.11.2 * kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.28.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.14.21-150500.55.28.1 * ocfs2-kmp-default-5.14.21-150500.55.28.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.28.1 * kernel-default-livepatch-5.14.21-150500.55.28.1 * dlm-kmp-default-5.14.21-150500.55.28.1 * 
kernel-obs-qa-5.14.21-150500.55.28.1 * kernel-syms-5.14.21-150500.55.28.1 * kernel-default-debuginfo-5.14.21-150500.55.28.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.28.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-livepatch-devel-5.14.21-150500.55.28.1 * kernel-default-extra-5.14.21-150500.55.28.1 * reiserfs-kmp-default-5.14.21-150500.55.28.1 * kernel-default-optional-5.14.21-150500.55.28.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.28.1 * kernel-obs-build-debugsource-5.14.21-150500.55.28.1 * gfs2-kmp-default-5.14.21-150500.55.28.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-devel-5.14.21-150500.55.28.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.28.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.28.1 * cluster-md-kmp-default-5.14.21-150500.55.28.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.28.1 * kselftests-kmp-default-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_28-default-debuginfo-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_28-default-1-150500.11.5.1 * kernel-livepatch-SLE15-SP5_Update_5-debugsource-1-150500.11.5.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.28.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64) * dtb-amlogic-5.14.21-150500.55.28.1 * dtb-renesas-5.14.21-150500.55.28.1 * dtb-broadcom-5.14.21-150500.55.28.1 * dtb-freescale-5.14.21-150500.55.28.1 * cluster-md-kmp-64kb-5.14.21-150500.55.28.1 * 
kernel-64kb-optional-debuginfo-5.14.21-150500.55.28.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * dtb-allwinner-5.14.21-150500.55.28.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.28.1 * gfs2-kmp-64kb-5.14.21-150500.55.28.1 * kernel-64kb-extra-5.14.21-150500.55.28.1 * kernel-64kb-optional-5.14.21-150500.55.28.1 * dtb-arm-5.14.21-150500.55.28.1 * dtb-mediatek-5.14.21-150500.55.28.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.28.1 * dtb-altera-5.14.21-150500.55.28.1 * dtb-nvidia-5.14.21-150500.55.28.1 * dtb-marvell-5.14.21-150500.55.28.1 * kselftests-kmp-64kb-5.14.21-150500.55.28.1 * ocfs2-kmp-64kb-5.14.21-150500.55.28.1 * dtb-xilinx-5.14.21-150500.55.28.1 * dlm-kmp-64kb-5.14.21-150500.55.28.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * dtb-amazon-5.14.21-150500.55.28.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.28.1 * dtb-hisilicon-5.14.21-150500.55.28.1 * dtb-exynos-5.14.21-150500.55.28.1 * dtb-cavium-5.14.21-150500.55.28.1 * kernel-64kb-debuginfo-5.14.21-150500.55.28.1 * reiserfs-kmp-64kb-5.14.21-150500.55.28.1 * kernel-64kb-devel-5.14.21-150500.55.28.1 * dtb-sprd-5.14.21-150500.55.28.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.28.1 * dtb-amd-5.14.21-150500.55.28.1 * dtb-apm-5.14.21-150500.55.28.1 * dtb-socionext-5.14.21-150500.55.28.1 * dtb-lg-5.14.21-150500.55.28.1 * dtb-rockchip-5.14.21-150500.55.28.1 * dtb-apple-5.14.21-150500.55.28.1 * kernel-64kb-debugsource-5.14.21-150500.55.28.1 * dtb-qcom-5.14.21-150500.55.28.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * 
kernel-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.28.1 * kernel-64kb-debuginfo-5.14.21-150500.55.28.1 * kernel-64kb-devel-5.14.21-150500.55.28.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.28.1 * kernel-default-devel-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (noarch) * kernel-macros-5.14.21-150500.55.28.1 * kernel-devel-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.28.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.28.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.28.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.28.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.14.21-150500.55.28.1 * kernel-syms-5.14.21-150500.55.28.1 * kernel-obs-build-debugsource-5.14.21-150500.55.28.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.28.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.28.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150500.55.28.1 * kernel-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * 
kernel-default-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * kernel-default-livepatch-5.14.21-150500.55.28.1 * kernel-default-debuginfo-5.14.21-150500.55.28.1 * kernel-livepatch-5_14_21-150500_55_28-default-1-150500.11.5.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-5.14.21-150500.55.28.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.28.1 * ocfs2-kmp-default-5.14.21-150500.55.28.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.28.1 * cluster-md-kmp-default-5.14.21-150500.55.28.1 * dlm-kmp-default-5.14.21-150500.55.28.1 * kernel-default-debuginfo-5.14.21-150500.55.28.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.28.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.28.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debuginfo-5.14.21-150500.55.28.1 * kernel-default-debugsource-5.14.21-150500.55.28.1 * kernel-default-extra-5.14.21-150500.55.28.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38457.html * https://www.suse.com/security/cve/CVE-2022-40133.html * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * 
https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203329 * https://bugzilla.suse.com/show_bug.cgi?id=1203330 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1206453 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1211220 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * 
https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213733 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213949 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214073 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214305 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214404 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214635 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214727 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215522 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215552 * https://bugzilla.suse.com/show_bug.cgi?id=1215553 * https://jira.suse.com/browse/PED-3924 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004 From sle-updates at lists.suse.com Wed Oct 4 16:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 16:30:35 -0000 Subject: SUSE-RU-2023:3970-1: moderate: Recommended update for dracut Message-ID: <169643703568.1900.4431070798814589713@smelt2.prg2.suse.org> # Recommended update for dracut Announcement ID: SUSE-RU-2023:3970-1 Rating: moderate References: * #1215578 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. 
## Description: This update for dracut fixes the following issues: * Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3970=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3970=1 openSUSE-SLE-15.5-2023-3970=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3970=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dracut-ima-055+suse.371.g5237e44a-150500.3.12.1 * dracut-fips-055+suse.371.g5237e44a-150500.3.12.1 * dracut-mkinitrd-deprecated-055+suse.371.g5237e44a-150500.3.12.1 * dracut-debugsource-055+suse.371.g5237e44a-150500.3.12.1 * dracut-055+suse.371.g5237e44a-150500.3.12.1 * dracut-debuginfo-055+suse.371.g5237e44a-150500.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dracut-extra-055+suse.371.g5237e44a-150500.3.12.1 * dracut-ima-055+suse.371.g5237e44a-150500.3.12.1 * dracut-tools-055+suse.371.g5237e44a-150500.3.12.1 * dracut-fips-055+suse.371.g5237e44a-150500.3.12.1 * dracut-mkinitrd-deprecated-055+suse.371.g5237e44a-150500.3.12.1 * dracut-debugsource-055+suse.371.g5237e44a-150500.3.12.1 * dracut-055+suse.371.g5237e44a-150500.3.12.1 * dracut-debuginfo-055+suse.371.g5237e44a-150500.3.12.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * dracut-debugsource-055+suse.371.g5237e44a-150500.3.12.1 * dracut-055+suse.371.g5237e44a-150500.3.12.1 * dracut-fips-055+suse.371.g5237e44a-150500.3.12.1 * dracut-debuginfo-055+suse.371.g5237e44a-150500.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215578 
From sle-updates at lists.suse.com Wed Oct 4 16:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 04 Oct 2023 16:30:57 -0000 Subject: SUSE-SU-2023:3969-1: important: Security update for the Linux Kernel Message-ID: <169643705702.1900.11094443298611514470@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3969-1 Rating: important References: * #1023051 * #1120059 * #1177719 * #1188885 * #1193629 * #1194869 * #1205462 * #1208902 * #1208949 * #1209284 * #1209799 * #1210048 * #1210448 * #1212091 * #1212142 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214120 * #1214149 * #1214180 * #1214238 * #1214285 * #1214297 * #1214299 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214428 * #1214451 * #1214635 * #1214659 * #1214661 * #1214729 * #1214742 * #1214743 * #1214756 * #1215522 * #1215523 * #1215552 * #1215553 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * CVE-2023-4459 * CVE-2023-4569 CVSS scores: * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * 
SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 16 vulnerabilities, contains seven features and has 49 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). 
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: * Drop amdgpu patch causing spamming (bsc#1215523) * acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). * acpi: processor: perflib: use the "no limit" frequency qos (git-fixes). * acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). * alsa: ac97: fix possible error value of *rac97 (git-fixes). * alsa: hda/cs8409: support new dell dolphin variants (git-fixes). * alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). * alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). * alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). * alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). 
* alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
* alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
* alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
* alsa: usb-audio: fix init call orders for uac1 (git-fixes).
* alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
* arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
* arm: dts: imx6sll: fixup of operating points (git-fixes).
* arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* asoc: lower "no backend dais enabled for ... port" log severity (git-fixes).
* asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
* asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
* asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
* asoc: tegra: fix sfc conversion for few rates (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
* batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: do not increase mtu when set by user (git-fixes).
* batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: fix tt global entry leak when client roamed back (git-fixes).
* batman-adv: trigger events for auto adjusted mtu (git-fixes).
* bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
* bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* bluetooth: fix potential use-after-free when clear keys (git-fixes).
* bluetooth: l2cap: fix use-after-free (git-fixes).
* bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bpf: disable preemption in bpf_event_output (git-fixes).
* bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: fix cast to enum warning (git-fixes).
* bus: ti-sysc: flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on mds stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
* config_nvme_verbose_errors=y gone with a82baa8083b
* config_printk_safe_log_buf_shift=13 gone with 7e152d55123
* cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
* cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
* cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
* dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: fix docs syntax (git-fixes).
* dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
* dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
* docs/process/howto: replace c89 with c11 (bsc#1214756).
* docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: fix hex printing of signed values (git-fixes).
* documentation: devices.txt: fix minors for ttycpm* (git-fixes).
* documentation: devices.txt: remove ttyioc* (git-fixes).
* documentation: devices.txt: remove ttysioc* (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
* drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
* drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: fix dram init on ast2200 (git-fixes).
* drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: fix -wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active mmu context (git-fixes).
* drm/mediatek: fix dereference before null check (git-fixes).
* drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
* drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
* drm/msm/mdp5: do not leak some plane state (git-fixes).
* drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
* drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
* drm/qxl: fix uaf on handle creation (git-fixes).
* drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
* drm/rockchip: do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
* drm/vmwgfx: fix shader stage validation (git-fixes).
* drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
* drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: fix typos in comments (jsc#ped-5738).
* e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
* e1000: switch to napi_build_skb() (jsc#ped-5738).
* e1000: switch to napi_consume_skb() (jsc#ped-5738).
* enable analog devices industrial ethernet phy driver (jsc#ped-4759)
* exfat: fix unexpected eof while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
* fbdev: fix potential oob read in fast_imageblit() (git-fixes).
* fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: improve performance of sys_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
* firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
* gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
* hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
* hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
* hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
* hid: wacom: remove the battery when the ekr is off (git-fixes).
* hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
* hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
* hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
* hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: correct length byte validation logic (git-fixes).
* i2c: designware: handle invalid smbus block data response length value (git-fixes).
* i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
* i2c: improve size determinations (git-fixes).
* i2c: nomadik: remove a useless call in the remove function (git-fixes).
* i2c: nomadik: remove unnecessary goto label (git-fixes).
* i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
* i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for fdir filters (git-fixes).
* ib/hfi1: fix possible panic during hotplug remove (git-fixes)
* ib/uverbs: fix an potential error pointer dereference (git-fixes)
* ice: fix max_rate check while configuring tx rate limits (git-fixes).
* ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: fix rdma vsi removal during queue rebuild (git-fixes).
* iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
* iio: adc: stx104: implement and utilize register structures (git-fixes).
* iio: adc: stx104: utilize iomap interface (git-fixes).
* iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
* input: exc3000 - properly stop timer on shutdown (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#ped-5738).
* intel: remove unused macros (jsc#ped-5738).
* iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
* iommu/amd: fix compile warning in init code (git-fixes).
* iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: initialize dart_streams_enable (git-fixes).
* iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
* iommu/iova: fix module config properly (git-fixes).
* iommu/omap: fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/sun50i: consider all fault sources for reset (git-fixes).
* iommu/sun50i: fix flush size (git-fixes).
* iommu/sun50i: fix r/w permission check (git-fixes).
* iommu/sun50i: fix reset release (git-fixes).
* iommu/sun50i: implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: remove iommu_domain_identity (git-fixes).
* iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
* iommu/vt-d: check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
* iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
* iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
* ipmi:ssif: add check for kstrdup (git-fixes).
* ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* kabi: allow extra bugsints (bsc#1213927).
* kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
* kbuild: move to -std=gnu11 (bsc#1214756).
* kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
* leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
* leds: multicolor: use rounded division when calculating color components (git-fixes).
* leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order max_order (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: remove redundant if statement (git-fixes).
* media: i2c: ccs: check rules is non-null (git-fixes).
* media: i2c: rdacm21: fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: fix ov2680_bayer_order() (git-fixes).
* media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
* media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: fix vflip / hflip set functions (git-fixes).
* media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
* media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for h.264 (git-fixes).
* media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
* media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
* misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
* mkspec: allow unsupported kmps (bsc#1214386)
* mlxsw: pci: add shutdown method in pci driver (git-fixes).
* mmc: block: fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* move upstreamed hid patch into sorted section
* move upstreamed powerpc patches into sorted section
* mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
* mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
* mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: check bus width while setting qe bit (git-fixes).
* mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
* n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
* net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
* net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
* net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
* netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
* nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: fix srso mess (git-fixes).
* objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
* objtool: union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported.
* pci/aspm: avoid link retraining race (git-fixes).
* pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
* pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
* pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
* pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
* pci: meson: remove cast between incompatible function type (git-fixes).
* pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
* pci: microchip: remove cast between incompatible function type (git-fixes).
* pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
* pci: rockchip: remove writes to unused registers (git-fixes).
* pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
* pci: tegra194: fix possible array out of bounds access (git-fixes).
* pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: fix reference leak (git-fixes).
* pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
* powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
* powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
* powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
* powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
* powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
* powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
* powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
* powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
* powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
* pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
* pstore/ram: check start of empty przs during init (git-fixes).
* pwm: add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
* pwm: meson: simplify duplicated per-channel tracking (git-fixes).
* qed: fix scheduling in a tasklet while getting stats (git-fixes).
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
* rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
* rdma/efa: fix wrong resources deallocation order (git-fixes)
* rdma/hns: fix cq and qp cache affinity (git-fixes)
* rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
* rdma/hns: fix port active speed (git-fixes)
* rdma/irdma: prevent zero-length stag registration (git-fixes)
* rdma/irdma: replace one-element array with flexible-array member (git-fixes)
* rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
* rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
* rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
* rdma/siw: correct wrong debug message (git-fixes)
* rdma/umem: set iova in odp flow (git-fixes)
* readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
* regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
* revert "ib/isert: fix incorrect release of isert connection" (git-fixes)
* revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes).
* ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* rpmsg: glink: add check for kstrdup (git-fixes).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
* scsi: bsg: increase number of devices (bsc#1210048).
* scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
* scsi: rdma/srp: fix residual handling (git-fixes)
* scsi: sg: increase number of devices (bsc#1210048).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* scsi: storvsc: handle srb status value 0x30 (git-fixes).
* scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
* scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
* selftests/futex: order calls to futex_lock_pi (git-fixes).
* selftests/harness: actually report skip for signal tests (git-fixes).
* selftests/resctrl: close perf value read fd on errors (git-fixes).
* selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
* selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
* selftests: forwarding: skip test when no interfaces are specified (git-fixes).
* selftests: forwarding: switch off timeout (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
* selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_flower: relax success criterion (git-fixes).
* selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
* serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
* serial: sprd: fix dma buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while nic is resetting (git-fixes).
* smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
* smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
* smb: client: fix -wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
* tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
* tracing/probes: fix not to count error code to total length (git-fixes).
* tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
* tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
* tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
* tracing: fix memleak due to race between current_tracer and trace (git-fixes).
* tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
* tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
* ubifs: fix memleak when insert_old_idx() failed (git-fixes).
* update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
* usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
* usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
* usb: dwc3: fix typos in gadget.c (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
* usb: dwc3: properly handle processing of pending events (git-fixes).
* usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
* usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
* usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
* usb: quirks: add quirk for focusrite scarlett (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
* usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
* wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
* wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
* wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
* wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
* wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
* x86/alternative: make custom return thunk unconditional (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu: clean up srso return thunk mess (git-fixes).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
* x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/srso: fix return thunks in generated code (git-fixes).
* x86/static_call: fix __static_call_fixup() (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-3969=1 openSUSE-SLE-15.4-2023-3969=1
* SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-3969=1
* SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-3969=1
* SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-3969=1
* SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-3969=1
* Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3969=1
* Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3969=1
* Legacy Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3969=1
* SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3969=1
    Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3969=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3969=1

## Package List:

* openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (noarch)
    * kernel-source-5.14.21-150400.24.88.1
    * kernel-macros-5.14.21-150400.24.88.1
    * kernel-docs-html-5.14.21-150400.24.88.1
    * kernel-source-vanilla-5.14.21-150400.24.88.1
    * kernel-devel-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-debugsource-5.14.21-150400.24.88.1
    * kernel-debug-livepatch-devel-5.14.21-150400.24.88.1
    * kernel-debug-debuginfo-5.14.21-150400.24.88.1
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.88.1
    * kernel-debug-devel-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.88.1
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.88.1
    * kernel-kvmsmall-devel-5.14.21-150400.24.88.1
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-base-rebuild-5.14.21-150400.24.88.1.150400.24.40.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * dlm-kmp-default-5.14.21-150400.24.88.1
    * cluster-md-kmp-default-5.14.21-150400.24.88.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.88.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.88.1
    * kernel-default-optional-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-extra-5.14.21-150400.24.88.1
    * kernel-obs-qa-5.14.21-150400.24.88.1
    * kernel-obs-build-5.14.21-150400.24.88.1
    * kselftests-kmp-default-5.14.21-150400.24.88.1
    * kernel-default-optional-5.14.21-150400.24.88.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.88.1
    * ocfs2-kmp-default-5.14.21-150400.24.88.1
    * kernel-syms-5.14.21-150400.24.88.1
    * gfs2-kmp-default-5.14.21-150400.24.88.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-devel-5.14.21-150400.24.88.1
    * kernel-default-livepatch-5.14.21-150400.24.88.1
    * reiserfs-kmp-default-5.14.21-150400.24.88.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.88.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_18-debugsource-1-150400.9.3.1
    * kernel-livepatch-5_14_21-150400_24_88-default-1-150400.9.3.1
    * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-1-150400.9.3.1
* openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.88.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (aarch64)
    * kernel-64kb-debugsource-5.14.21-150400.24.88.1
    * ocfs2-kmp-64kb-5.14.21-150400.24.88.1
    * dtb-sprd-5.14.21-150400.24.88.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * dtb-freescale-5.14.21-150400.24.88.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.88.1
    * dtb-cavium-5.14.21-150400.24.88.1
    * dlm-kmp-64kb-5.14.21-150400.24.88.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * dtb-renesas-5.14.21-150400.24.88.1
    * dtb-amd-5.14.21-150400.24.88.1
    * dtb-qcom-5.14.21-150400.24.88.1
    * dtb-altera-5.14.21-150400.24.88.1
    * dtb-xilinx-5.14.21-150400.24.88.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * dtb-marvell-5.14.21-150400.24.88.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.88.1
    * dtb-socionext-5.14.21-150400.24.88.1
    * dtb-hisilicon-5.14.21-150400.24.88.1
    * kernel-64kb-extra-5.14.21-150400.24.88.1
    * dtb-rockchip-5.14.21-150400.24.88.1
    * dtb-lg-5.14.21-150400.24.88.1
    * dtb-mediatek-5.14.21-150400.24.88.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.88.1
    * dtb-amlogic-5.14.21-150400.24.88.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.88.1
    * dtb-amazon-5.14.21-150400.24.88.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.88.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * kernel-64kb-devel-5.14.21-150400.24.88.1
    * kselftests-kmp-64kb-5.14.21-150400.24.88.1
    * dtb-broadcom-5.14.21-150400.24.88.1
    * gfs2-kmp-64kb-5.14.21-150400.24.88.1
    * dtb-apple-5.14.21-150400.24.88.1
    * dtb-exynos-5.14.21-150400.24.88.1
    * dtb-nvidia-5.14.21-150400.24.88.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.88.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.88.1
    * kernel-64kb-optional-5.14.21-150400.24.88.1
    * dtb-allwinner-5.14.21-150400.24.88.1
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.88.1
    * dtb-apm-5.14.21-150400.24.88.1
    * dtb-arm-5.14.21-150400.24.88.1
* openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (aarch64)
    * kernel-64kb-devel-5.14.21-150400.24.88.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.88.1
    * kernel-64kb-debugsource-5.14.21-150400.24.88.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-devel-5.14.21-150400.24.88.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (noarch)
    * kernel-macros-5.14.21-150400.24.88.1
    * kernel-devel-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.88.1
* Basesystem Module 15-SP4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.88.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.88.1
* Development Tools Module 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.88.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-obs-build-5.14.21-150400.24.88.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.88.1
    * kernel-syms-5.14.21-150400.24.88.1
* Development Tools Module 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.88.1
* Legacy Module 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
    * reiserfs-kmp-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_18-debugsource-1-150400.9.3.1
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.88.1
    * kernel-livepatch-5_14_21-150400_24_88-default-1-150400.9.3.1
    * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-1-150400.9.3.1
    * kernel-default-livepatch-5.14.21-150400.24.88.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
    * dlm-kmp-default-5.14.21-150400.24.88.1
    * ocfs2-kmp-default-5.14.21-150400.24.88.1
    * gfs2-kmp-default-5.14.21-150400.24.88.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * cluster-md-kmp-default-5.14.21-150400.24.88.1
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.88.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.88.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.88.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.88.1
    * kernel-default-extra-5.14.21-150400.24.88.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.88.1
    * kernel-default-debuginfo-5.14.21-150400.24.88.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1210048
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1212142
* https://bugzilla.suse.com/show_bug.cgi?id=1212526
* https://bugzilla.suse.com/show_bug.cgi?id=1212857
* https://bugzilla.suse.com/show_bug.cgi?id=1212873
* https://bugzilla.suse.com/show_bug.cgi?id=1213026
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213580
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213757
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213946
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214000
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214180
* https://bugzilla.suse.com/show_bug.cgi?id=1214238
* https://bugzilla.suse.com/show_bug.cgi?id=1214285
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214368
* https://bugzilla.suse.com/show_bug.cgi?id=1214370
* https://bugzilla.suse.com/show_bug.cgi?id=1214371
* https://bugzilla.suse.com/show_bug.cgi?id=1214372
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1214392
* https://bugzilla.suse.com/show_bug.cgi?id=1214393
* https://bugzilla.suse.com/show_bug.cgi?id=1214397
* https://bugzilla.suse.com/show_bug.cgi?id=1214428
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214635
* https://bugzilla.suse.com/show_bug.cgi?id=1214659
* https://bugzilla.suse.com/show_bug.cgi?id=1214661
* https://bugzilla.suse.com/show_bug.cgi?id=1214729
* https://bugzilla.suse.com/show_bug.cgi?id=1214742
* https://bugzilla.suse.com/show_bug.cgi?id=1214743
* https://bugzilla.suse.com/show_bug.cgi?id=1214756
* https://bugzilla.suse.com/show_bug.cgi?id=1215522
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215552
* https://bugzilla.suse.com/show_bug.cgi?id=1215553
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-4759
* https://jira.suse.com/browse/PED-4927
* https://jira.suse.com/browse/PED-4929
* https://jira.suse.com/browse/PED-5738
* https://jira.suse.com/browse/PED-6003
* https://jira.suse.com/browse/PED-6004

From sle-updates at lists.suse.com Thu Oct 5 07:05:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:05:30 +0200 (CEST)
Subject: SUSE-CU-2023:3236-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20231005070530.24FBFFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3236-1
Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.62 , suse/sle-micro/5.5/toolbox:latest
Container Release : 2.2.62
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:07:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:07:10 +0200 (CEST)
Subject: SUSE-CU-2023:3238-1: Security update of bci/bci-init
Message-ID: <20231005070710.8CCF3FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3238-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.64
Container Release : 29.64
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-27.14.102 updated

From sle-updates at lists.suse.com Thu Oct 5 07:08:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:08:36 +0200 (CEST)
Subject: SUSE-CU-2023:3239-1: Security update of suse/pcp
Message-ID: <20231005070836.6C252FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3239-1
Container Tags : suse/pcp:5 , suse/pcp:5-17.136 , suse/pcp:5.2 , suse/pcp:5.2-17.136 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.136
Container Release : 17.136
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:bci-bci-init-15.4-15.4-29.64 updated

From sle-updates at lists.suse.com Thu Oct 5 07:09:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:09:31 +0200 (CEST)
Subject: SUSE-CU-2023:3240-1: Security update of suse/sle15
Message-ID: <20231005070931.2672CFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3240-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.102 , suse/sle15:15.4 , suse/sle15:15.4.27.14.102
Container Release : 27.14.102
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated

From sle-updates at lists.suse.com Thu Oct 5 07:09:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:09:47 +0200 (CEST)
Subject: SUSE-CU-2023:3241-1: Security update of suse/389-ds
Message-ID: <20231005070947.25E0DFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3241-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.3 , suse/389-ds:latest
Container Release : 16.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:10:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:10:05 +0200 (CEST)
Subject: SUSE-CU-2023:3242-1: Security update of bci/dotnet-aspnet
Message-ID: <20231005071005.29131FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3242-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-15.3 , bci/dotnet-aspnet:6.0.22 , bci/dotnet-aspnet:6.0.22-15.3
Container Release : 15.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:10:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:10:22 +0200 (CEST)
Subject: SUSE-CU-2023:3243-1: Security update of bci/dotnet-aspnet
Message-ID: <20231005071022.46098FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3243-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-15.3 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-15.3 , bci/dotnet-aspnet:latest
Container Release : 15.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:10:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:10:34 +0200 (CEST)
Subject: SUSE-CU-2023:3244-1: Security update of suse/registry
Message-ID: <20231005071034.88963FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3244-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-15.2 , suse/registry:latest
Container Release : 15.2
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated

From sle-updates at lists.suse.com Thu Oct 5 07:10:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:10:51 +0200 (CEST)
Subject: SUSE-CU-2023:3245-1: Security update of bci/dotnet-runtime
Message-ID: <20231005071051.437A7FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3245-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-14.3 , bci/dotnet-runtime:6.0.22 , bci/dotnet-runtime:6.0.22-14.3
Container Release : 14.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:11:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:11:09 +0200 (CEST)
Subject: SUSE-CU-2023:3246-1: Security update of bci/dotnet-runtime
Message-ID: <20231005071109.B5F30FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3246-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-16.3 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-16.3 , bci/dotnet-runtime:latest
Container Release : 16.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:11:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:11:27 +0200 (CEST)
Subject: SUSE-CU-2023:3247-1: Security update of bci/golang
Message-ID: <20231005071127.6090DFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3247-1
Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.3
Container Release : 4.3
Severity : important
Type : security
References : 1173407 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1906-1
Released: Tue Jul 14 15:58:16 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References: 1173407

This update for lifecycle-data-sle-module-development-tools fixes the following issue:

- Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3603-1
Released: Wed Dec 2 15:11:46 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules.
(jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2245-1
Released: Mon Jul 5 12:14:52 2021
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:950-1
Released: Fri Mar 25 12:47:04 2022
Summary: Feature update for lifecycle-data-sle-module-development-tools
Type: feature
Severity: moderate
References:

This feature update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2523-1
Released: Fri Jun 16 11:15:25 2023
Summary: Feature update for lifecycle-data-sle-module-development-tools
Type: feature
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:11:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:11:31 +0200 (CEST)
Subject: SUSE-CU-2023:3248-1: Security update of bci/golang
Message-ID: <20231005071131.33A4BFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3248-1
Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.3
Container Release : 7.3
Severity : important
Type : security
References : 1173407 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1906-1
Released: Tue Jul 14 15:58:16 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References: 1173407

This update for lifecycle-data-sle-module-development-tools fixes the following issue:

- Ensure package is installed with its corresponding module when lifecycle package is installed.
(bsc#1173407)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3603-1
Released: Wed Dec 2 15:11:46 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2245-1
Released: Mon Jul 5 12:14:52 2021
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:950-1
Released: Fri Mar 25 12:47:04 2022
Summary: Feature update for lifecycle-data-sle-module-development-tools
Type: feature
Severity: moderate
References:

This feature update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2523-1
Released: Fri Jun 16 11:15:25 2023
Summary: Feature update for lifecycle-data-sle-module-development-tools
Type: feature
Severity: moderate
References:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:11:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:11:48 +0200 (CEST)
Subject: SUSE-CU-2023:3249-1: Security update of bci/bci-init
Message-ID: <20231005071148.A2DFDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3249-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.3 , bci/bci-init:latest
Container Release : 10.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:12:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:12:02 +0200 (CEST)
Subject: SUSE-CU-2023:3251-1: Security update of suse/nginx
Message-ID: <20231005071202.DCFACFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3251-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.4 , suse/nginx:latest
Container Release : 5.4
Severity : important
Type : security
References : 1211078 1215683 1215684 1215685 1215686 1215687 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789
-----------------------------------------------------------------

The container suse/nginx was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3963-1
Released: Wed Oct 4 09:24:32 2023
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1215683,1215684,1215685,CVE-2023-43785,CVE-2023-43786,CVE-2023-43787

This update for libX11 fixes the following issues:

- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3965-1
Released: Wed Oct 4 09:47:23 2023
Summary: Security update for libXpm
Type: security
Severity: moderate
References: 1215686,1215687,CVE-2023-43788,CVE-2023-43789

This update for libXpm fixes the following issues:

- CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686).
- CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687).
The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- libX11-data-1.6.5-150000.3.33.1 updated
- libX11-6-1.6.5-150000.3.33.1 updated
- libXpm4-3.5.12-150000.3.10.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:12:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:12:21 +0200 (CEST)
Subject: SUSE-CU-2023:3252-1: Security update of bci/nodejs
Message-ID: <20231005071221.4CD61FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3252-1
Container Tags : bci/node:18 , bci/node:18-11.3 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.3 , bci/nodejs:latest
Container Release : 11.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:12:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:12:43 +0200 (CEST)
Subject: SUSE-CU-2023:3253-1: Security update of bci/openjdk-devel
Message-ID: <20231005071243.442F7FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3253-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.9
Container Release : 10.9
Severity : important
Type : security
References : 1211078 1215683 1215684 1215685 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3963-1
Released: Wed Oct 4 09:24:32 2023
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1215683,1215684,1215685,CVE-2023-43785,CVE-2023-43786,CVE-2023-43787

This update for libX11 fixes the following issues:

- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- libX11-data-1.6.5-150000.3.33.1 updated
- libX11-6-1.6.5-150000.3.33.1 updated
- container:bci-openjdk-11-15.5.11-11.4 updated

From sle-updates at lists.suse.com Thu Oct 5 07:13:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:13:03 +0200 (CEST)
Subject: SUSE-CU-2023:3254-1: Security update of bci/openjdk-devel
Message-ID: <20231005071303.CB576FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3254-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.8 , bci/openjdk-devel:latest
Container Release : 12.8
Severity : important
Type : security
References : 1211078 1215683 1215684 1215685 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3963-1
Released: Wed Oct 4 09:24:32 2023
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1215683,1215684,1215685,CVE-2023-43785,CVE-2023-43786,CVE-2023-43787

This update for libX11 fixes the following issues:

- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- libX11-data-1.6.5-150000.3.33.1 updated
- libX11-6-1.6.5-150000.3.33.1 updated
- container:bci-openjdk-17-15.5.17-12.4 updated

From sle-updates at lists.suse.com Thu Oct 5 07:13:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:13:21 +0200 (CEST)
Subject: SUSE-CU-2023:3255-1: Security update of bci/openjdk
Message-ID: <20231005071321.296CEFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3255-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.4 , bci/openjdk:latest
Container Release : 12.4
Severity : important
Type : security
References : 1211078 1215683 1215684 1215685 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function.
(bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3963-1
Released: Wed Oct 4 09:24:32 2023
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1215683,1215684,1215685,CVE-2023-43785,CVE-2023-43786,CVE-2023-43787

This update for libX11 fixes the following issues:

- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- libX11-data-1.6.5-150000.3.33.1 updated
- libX11-6-1.6.5-150000.3.33.1 updated
- container:sles15-image-15.0.0-36.5.38 updated

From sle-updates at lists.suse.com Thu Oct 5 07:13:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:13:40 +0200 (CEST)
Subject: SUSE-CU-2023:3256-1: Security update of suse/pcp
Message-ID: <20231005071340.1C573FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3256-1
Container Tags : suse/pcp:5 , suse/pcp:5-15.8 , suse/pcp:5.2 , suse/pcp:5.2-15.8 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.8 , suse/pcp:latest
Container Release : 15.8
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following package changes have been done:

- libeconf0-0.5.2-150400.3.6.1 updated
- container:bci-bci-init-15.5-15.5-10.3 updated

From sle-updates at lists.suse.com Thu Oct 5 07:13:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Oct 2023 09:13:55 +0200 (CEST)
Subject: SUSE-CU-2023:3257-1: Security update of bci/php-apache
Message-ID: <20231005071355.228CDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3257-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-8.3
Container Release : 8.3
Severity : important
Type : security
References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:14:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:14:11 +0200 (CEST) Subject: SUSE-CU-2023:3258-1: Security update of bci/php-fpm Message-ID: <20231005071411.40AE9FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3258-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.3 Container Release : 8.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:20:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:20:49 +0200 (CEST) Subject: SUSE-CU-2023:3258-1: Security update of bci/php-fpm Message-ID: <20231005072049.DED0CFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3258-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.3 Container Release : 8.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:21:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:21:08 +0200 (CEST) Subject: SUSE-CU-2023:3259-1: Security update of bci/php Message-ID: <20231005072108.30A70FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3259-1 Container Tags : bci/php:8 , bci/php:8-8.3 Container Release : 8.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:21:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:21:24 +0200 (CEST) Subject: SUSE-CU-2023:3260-1: Security update of suse/postgres Message-ID: <20231005072124.D7781FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3260-1 Container Tags : suse/postgres:15 , suse/postgres:15-11.3 , suse/postgres:15.4 , suse/postgres:15.4-11.3 , suse/postgres:latest Container Release : 11.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:21:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:21:44 +0200 (CEST) Subject: SUSE-CU-2023:3261-1: Security update of bci/python Message-ID: <20231005072144.16EFDFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3261-1 Container Tags : bci/python:3 , bci/python:3-11.4 , bci/python:3.11 , bci/python:3.11-11.4 , bci/python:latest Container Release : 11.4 Severity : important Type : security References : 1211078 1214692 1214693 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-40217 CVE-2023-41105 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3943-1 Released: Tue Oct 3 18:05:10 2023 Summary: Security update for python311 Type: security Severity: important References: 1214692,1214693,CVE-2023-40217,CVE-2023-41105 This update for python311 fixes the following issues: Update to 3.11.5. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). - CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. 
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - libpython3_11-1_0-3.11.5-150400.9.20.2 updated - python311-base-3.11.5-150400.9.20.2 updated - python311-3.11.5-150400.9.20.1 updated - python311-devel-3.11.5-150400.9.20.2 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:22:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:22:05 +0200 (CEST) Subject: SUSE-CU-2023:3262-1: Security update of bci/python Message-ID: <20231005072205.15C1EFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3262-1 Container Tags : bci/python:3 , bci/python:3-13.3 , bci/python:3.6 , bci/python:3.6-13.3 Container Release : 13.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:22:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:22:08 +0200 (CEST) Subject: SUSE-CU-2023:3263-1: Security update of suse/rmt-server Message-ID: <20231005072208.4CE88FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3263-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.3 , suse/rmt-server:latest Container Release : 11.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:22:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:22:26 +0200 (CEST) Subject: SUSE-CU-2023:3264-1: Security update of bci/ruby Message-ID: <20231005072226.05016FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3264-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.3 , bci/ruby:2.5 , bci/ruby:2.5-12.3 , bci/ruby:latest Container Release : 12.3 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:22:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:22:44 +0200 (CEST) Subject: SUSE-CU-2023:3265-1: Security update of bci/rust Message-ID: <20231005072244.D58BBFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3265-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-2.4.3 , bci/rust:oldstable , bci/rust:oldstable-2.4.3 Container Release : 4.3 Severity : important Type : security References : 1173407 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. 
(jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). 
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:23:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:23:03 +0200 (CEST) Subject: SUSE-CU-2023:3266-1: Security update of bci/rust Message-ID: <20231005072303.78784FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3266-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-1.4.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.3 Container Release : 4.3 Severity : important Type : security References : 1173407 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. 
(bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - container:sles15-image-15.0.0-36.5.38 updated From sle-updates at lists.suse.com Thu Oct 5 07:23:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:23:53 +0200 (CEST) Subject: SUSE-CU-2023:3267-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231005072353.0328CFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3267-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.466 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.466 Severity : important Type : security References : 1214922 1214924 1214925 1215004 1215006 1215033 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources The following package changes have been done: - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated From sle-updates at lists.suse.com Thu Oct 5 07:26:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 09:26:20 +0200 (CEST) Subject: SUSE-CU-2023:3269-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231005072620.29A96FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3269-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.288 , suse/sle-micro/5.2/toolbox:latest Container 
Release : 6.2.288 Severity : important Type : security References : 1214922 1214924 1214925 1215004 1215006 1215033 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). 
Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources The following package changes have been done: - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated From sle-updates at lists.suse.com Thu Oct 5 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:3984-1: important: Security update for ghostscript Message-ID: <169650900227.8617.6381644762375053586@smelt2.prg2.suse.org> # Security update for ghostscript Announcement ID: SUSE-SU-2023:3984-1 Rating: important References: * #1215466 Cross-References: * CVE-2023-43115 CVSS scores: * CVE-2023-43115 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43115 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux 
Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3984=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3984=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3984=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3984=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3984=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3984=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3984=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3984=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3984=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3984=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3984=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3984=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3984=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3984=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3984=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3984=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 
(aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Manager Proxy 4.2 (x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * 
ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * SUSE CaaS Platform 4.0 (x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-devel-9.52-150000.173.2 * ghostscript-debugsource-9.52-150000.173.2 * 
ghostscript-debuginfo-9.52-150000.173.2 * ghostscript-9.52-150000.173.2 * ghostscript-x11-debuginfo-9.52-150000.173.2 * ghostscript-x11-9.52-150000.173.2 ## References: * https://www.suse.com/security/cve/CVE-2023-43115.html * https://bugzilla.suse.com/show_bug.cgi?id=1215466
From sle-updates at lists.suse.com Thu Oct 5 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:06 -0000 Subject: SUSE-SU-2023:3983-1: important: Security update for poppler Message-ID: <169650900636.8617.17688643175067294933@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:3983-1 Rating: important References: * #1214257 * #1214618 * #1214621 * #1214622 * #1215422 Cross-References: * CVE-2020-23804 * CVE-2020-36024 * CVE-2022-37050 * CVE-2022-37051 * CVE-2022-38349 CVSS scores: * CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server
for SAP Applications 15 SP1 An update that solves five vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). * CVE-2020-36024: Fixed NULL Pointer Dereference in `FoFiType1C:convertToType1` (bsc#1214257). * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). * CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). * CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3983=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3983=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3983=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3983=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.25.2 * libpoppler73-0.62.0-150000.4.25.2 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-0.62.0-150000.4.25.2 * libpoppler73-32bit-debuginfo-0.62.0-150000.4.25.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libpoppler-devel-0.62.0-150000.4.25.2 * libpoppler-glib8-0.62.0-150000.4.25.2 * libpoppler73-debuginfo-0.62.0-150000.4.25.2 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2 * poppler-tools-0.62.0-150000.4.25.2 * libpoppler-glib-devel-0.62.0-150000.4.25.2 * libpoppler73-0.62.0-150000.4.25.2 * poppler-tools-debuginfo-0.62.0-150000.4.25.2 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2 * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2 * poppler-debugsource-0.62.0-150000.4.25.2 * libpoppler-cpp0-0.62.0-150000.4.25.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libpoppler-devel-0.62.0-150000.4.25.2 * libpoppler-glib8-0.62.0-150000.4.25.2 * libpoppler73-debuginfo-0.62.0-150000.4.25.2 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2 * poppler-tools-0.62.0-150000.4.25.2 * libpoppler-glib-devel-0.62.0-150000.4.25.2 * libpoppler73-0.62.0-150000.4.25.2 * poppler-tools-debuginfo-0.62.0-150000.4.25.2 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2 * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2 * poppler-debugsource-0.62.0-150000.4.25.2 * libpoppler-cpp0-0.62.0-150000.4.25.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libpoppler-devel-0.62.0-150000.4.25.2 * libpoppler-glib8-0.62.0-150000.4.25.2 * libpoppler73-debuginfo-0.62.0-150000.4.25.2 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2 * poppler-tools-0.62.0-150000.4.25.2 * libpoppler-glib-devel-0.62.0-150000.4.25.2 * libpoppler73-0.62.0-150000.4.25.2 * poppler-tools-debuginfo-0.62.0-150000.4.25.2 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2 * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2 * 
poppler-debugsource-0.62.0-150000.4.25.2 * libpoppler-cpp0-0.62.0-150000.4.25.2 * SUSE CaaS Platform 4.0 (x86_64) * libpoppler-devel-0.62.0-150000.4.25.2 * libpoppler-glib8-0.62.0-150000.4.25.2 * libpoppler73-debuginfo-0.62.0-150000.4.25.2 * libpoppler-cpp0-debuginfo-0.62.0-150000.4.25.2 * poppler-tools-0.62.0-150000.4.25.2 * libpoppler-glib-devel-0.62.0-150000.4.25.2 * libpoppler73-0.62.0-150000.4.25.2 * poppler-tools-debuginfo-0.62.0-150000.4.25.2 * typelib-1_0-Poppler-0_18-0.62.0-150000.4.25.2 * libpoppler-glib8-debuginfo-0.62.0-150000.4.25.2 * poppler-debugsource-0.62.0-150000.4.25.2 * libpoppler-cpp0-0.62.0-150000.4.25.2 ## References: * https://www.suse.com/security/cve/CVE-2020-23804.html * https://www.suse.com/security/cve/CVE-2020-36024.html * https://www.suse.com/security/cve/CVE-2022-37050.html * https://www.suse.com/security/cve/CVE-2022-37051.html * https://www.suse.com/security/cve/CVE-2022-38349.html * https://bugzilla.suse.com/show_bug.cgi?id=1214257 * https://bugzilla.suse.com/show_bug.cgi?id=1214618 * https://bugzilla.suse.com/show_bug.cgi?id=1214621 * https://bugzilla.suse.com/show_bug.cgi?id=1214622 * https://bugzilla.suse.com/show_bug.cgi?id=1215422
From sle-updates at lists.suse.com Thu Oct 5 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:08 -0000 Subject: SUSE-SU-2023:3982-1: important: Security update for poppler Message-ID: <169650900889.8617.17735556085813913141@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:3982-1 Rating: important References: * #1214257 * #1214618 * #1214621 * #1214622 * #1215422 Cross-References: * CVE-2020-23804 * CVE-2020-36024 * CVE-2022-37050 * CVE-2022-37051 * CVE-2022-38349 CVSS scores: * CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). * CVE-2020-36024: Fixed NULL Pointer Dereference in `FoFiType1C:convertToType1` (bsc#1214257). * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622).
* CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). * CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3982=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3982=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3982=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3982=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-cpp0-0.43.0-16.35.2 * libpoppler-glib-devel-0.43.0-16.35.2 * libpoppler-devel-0.43.0-16.35.2 * poppler-debugsource-0.43.0-16.35.2 * typelib-1_0-Poppler-0_18-0.43.0-16.35.2 * libpoppler-qt4-devel-0.43.0-16.35.2 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.35.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libpoppler-qt4-4-0.43.0-16.35.2 * libpoppler60-0.43.0-16.35.2 * poppler-tools-0.43.0-16.35.2 * libpoppler-glib8-0.43.0-16.35.2 * libpoppler60-debuginfo-0.43.0-16.35.2 * poppler-tools-debuginfo-0.43.0-16.35.2 * poppler-debugsource-0.43.0-16.35.2 * libpoppler-glib8-debuginfo-0.43.0-16.35.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.35.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-qt4-4-0.43.0-16.35.2 * libpoppler60-0.43.0-16.35.2 * poppler-tools-0.43.0-16.35.2 * libpoppler-glib8-0.43.0-16.35.2 * libpoppler60-debuginfo-0.43.0-16.35.2 * 
poppler-tools-debuginfo-0.43.0-16.35.2 * poppler-debugsource-0.43.0-16.35.2 * libpoppler-glib8-debuginfo-0.43.0-16.35.2 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.35.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libpoppler-qt4-4-0.43.0-16.35.2 * libpoppler60-0.43.0-16.35.2 * libpoppler-qt4-4-debuginfo-0.43.0-16.35.2 * poppler-tools-0.43.0-16.35.2 * libpoppler-glib8-0.43.0-16.35.2 * libpoppler60-debuginfo-0.43.0-16.35.2 * poppler-tools-debuginfo-0.43.0-16.35.2 * poppler-debugsource-0.43.0-16.35.2 * libpoppler-glib8-debuginfo-0.43.0-16.35.2 ## References: * https://www.suse.com/security/cve/CVE-2020-23804.html * https://www.suse.com/security/cve/CVE-2020-36024.html * https://www.suse.com/security/cve/CVE-2022-37050.html * https://www.suse.com/security/cve/CVE-2022-37051.html * https://www.suse.com/security/cve/CVE-2022-38349.html * https://bugzilla.suse.com/show_bug.cgi?id=1214257 * https://bugzilla.suse.com/show_bug.cgi?id=1214618 * https://bugzilla.suse.com/show_bug.cgi?id=1214621 * https://bugzilla.suse.com/show_bug.cgi?id=1214622 * https://bugzilla.suse.com/show_bug.cgi?id=1215422
From sle-updates at lists.suse.com Thu Oct 5 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:10 -0000 Subject: SUSE-SU-2023:3981-1: important: Security update for poppler Message-ID: <169650901088.8617.13704702926493986132@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:3981-1 Rating: important References: * #1214257 * #1214618 * #1214622 * #1215422 Cross-References: * CVE-2020-23804 * CVE-2020-36024 * CVE-2022-37050 * CVE-2022-38349 CVSS scores: * CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). * CVE-2020-36024: Fixed NULL Pointer Dereference in `FoFiType1C:convertToType1` (bsc#1214257). * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). * CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3981=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-0.24.4-14.36.2 * libpoppler44-debuginfo-0.24.4-14.36.2 ## References: * https://www.suse.com/security/cve/CVE-2020-23804.html * https://www.suse.com/security/cve/CVE-2020-36024.html * https://www.suse.com/security/cve/CVE-2022-37050.html * https://www.suse.com/security/cve/CVE-2022-38349.html * https://bugzilla.suse.com/show_bug.cgi?id=1214257 * https://bugzilla.suse.com/show_bug.cgi?id=1214618 * https://bugzilla.suse.com/show_bug.cgi?id=1214622 * https://bugzilla.suse.com/show_bug.cgi?id=1215422
From sle-updates at lists.suse.com Thu Oct 5 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:12 -0000 Subject: SUSE-RU-2023:3980-1: moderate: Recommended update for postfix Message-ID: <169650901281.8617.13620821584718925397@smelt2.prg2.suse.org> # Recommended update for postfix Announcement ID: SUSE-RU-2023:3980-1 Rating: moderate References: * #1215372 Affected Products: * Basesystem Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed.
## Description: This update for postfix fixes the following issues: * Script config.postfix causes too tight permission on main.cf (bsc#1215372) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3980=1 SUSE-2023-3980=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3980=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3980=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3980=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * postfix-devel-3.7.3-150500.3.8.1 * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.8.1 * postfix-ldap-3.7.3-150500.3.8.1 * postfix-3.7.3-150500.3.8.1 * postfix-postgresql-debuginfo-3.7.3-150500.3.8.1 * postfix-bdb-debuginfo-3.7.3-150500.3.8.1 * postfix-postgresql-3.7.3-150500.3.8.1 * postfix-mysql-3.7.3-150500.3.8.1 * postfix-ldap-debuginfo-3.7.3-150500.3.8.1 * postfix-mysql-debuginfo-3.7.3-150500.3.8.1 * postfix-debuginfo-3.7.3-150500.3.8.1 * postfix-debugsource-3.7.3-150500.3.8.1 * postfix-bdb-lmdb-3.7.3-150500.3.8.1 * postfix-bdb-3.7.3-150500.3.8.1 * postfix-bdb-debugsource-3.7.3-150500.3.8.1 * openSUSE Leap 15.5 (noarch) * postfix-doc-3.7.3-150500.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-devel-3.7.3-150500.3.8.1 * postfix-ldap-3.7.3-150500.3.8.1 * postfix-3.7.3-150500.3.8.1 * postfix-ldap-debuginfo-3.7.3-150500.3.8.1 * postfix-debugsource-3.7.3-150500.3.8.1 * postfix-debuginfo-3.7.3-150500.3.8.1 * Basesystem Module 15-SP5 (noarch) * postfix-doc-3.7.3-150500.3.8.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.8.1 * postfix-bdb-debuginfo-3.7.3-150500.3.8.1 * postfix-bdb-lmdb-3.7.3-150500.3.8.1 * 
postfix-bdb-3.7.3-150500.3.8.1 * postfix-bdb-debugsource-3.7.3-150500.3.8.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-mysql-3.7.3-150500.3.8.1 * postfix-debugsource-3.7.3-150500.3.8.1 * postfix-debuginfo-3.7.3-150500.3.8.1 * postfix-mysql-debuginfo-3.7.3-150500.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215372
From sle-updates at lists.suse.com Thu Oct 5 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:14 -0000 Subject: SUSE-RU-2023:3979-1: moderate: Recommended update for mariadb Message-ID: <169650901414.8617.8267559358440836259@smelt2.prg2.suse.org> # Recommended update for mariadb Announcement ID: SUSE-RU-2023:3979-1 Rating: moderate References: Affected Products: * Galera for Ericsson 15 SP4 * Galera for Ericsson 15 SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed.
## Description: This update for mariadb fixes the following issues: * Update mariadb to 10.6.15: https://mariadb.com/kb/en/mariadb-10-6-15-release-notes/ https://mariadb.com/kb/en/mariadb-10-6-15-changelog/ ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3979=1 openSUSE-SLE-15.4-2023-3979=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3979=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3979=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3979=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3979=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3979=1 * Galera for Ericsson 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2023-3979=1 * Galera for Ericsson 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2023-3979=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * mariadb-bench-10.6.15-150400.3.29.3 * mariadb-test-10.6.15-150400.3.29.3 * libmariadbd-devel-10.6.15-150400.3.29.3 * mariadb-tools-debuginfo-10.6.15-150400.3.29.3 * mariadb-rpm-macros-10.6.15-150400.3.29.3 * mariadb-debugsource-10.6.15-150400.3.29.3 * libmariadbd19-10.6.15-150400.3.29.3 * mariadb-client-10.6.15-150400.3.29.3 * mariadb-tools-10.6.15-150400.3.29.3 * libmariadbd19-debuginfo-10.6.15-150400.3.29.3 * mariadb-galera-10.6.15-150400.3.29.3 * mariadb-bench-debuginfo-10.6.15-150400.3.29.3 * mariadb-test-debuginfo-10.6.15-150400.3.29.3 * mariadb-client-debuginfo-10.6.15-150400.3.29.3 * mariadb-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * openSUSE Leap 15.4 (noarch) * 
mariadb-errormessages-10.6.15-150400.3.29.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mariadb-bench-10.6.15-150400.3.29.3 * mariadb-test-10.6.15-150400.3.29.3 * libmariadbd-devel-10.6.15-150400.3.29.3 * mariadb-tools-debuginfo-10.6.15-150400.3.29.3 * mariadb-rpm-macros-10.6.15-150400.3.29.3 * mariadb-debugsource-10.6.15-150400.3.29.3 * libmariadbd19-10.6.15-150400.3.29.3 * mariadb-client-10.6.15-150400.3.29.3 * mariadb-tools-10.6.15-150400.3.29.3 * libmariadbd19-debuginfo-10.6.15-150400.3.29.3 * mariadb-galera-10.6.15-150400.3.29.3 * mariadb-bench-debuginfo-10.6.15-150400.3.29.3 * mariadb-test-debuginfo-10.6.15-150400.3.29.3 * mariadb-client-debuginfo-10.6.15-150400.3.29.3 * mariadb-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * openSUSE Leap 15.5 (noarch) * mariadb-errormessages-10.6.15-150400.3.29.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-10.6.15-150400.3.29.3 * mariadb-galera-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-10.6.15-150400.3.29.3 * mariadb-galera-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libmariadbd-devel-10.6.15-150400.3.29.3 * mariadb-tools-debuginfo-10.6.15-150400.3.29.3 * mariadb-debugsource-10.6.15-150400.3.29.3 * libmariadbd19-10.6.15-150400.3.29.3 * mariadb-client-10.6.15-150400.3.29.3 * mariadb-tools-10.6.15-150400.3.29.3 * libmariadbd19-debuginfo-10.6.15-150400.3.29.3 * mariadb-client-debuginfo-10.6.15-150400.3.29.3 * mariadb-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * Server Applications Module 15-SP4 (noarch) * mariadb-errormessages-10.6.15-150400.3.29.3 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmariadbd-devel-10.6.15-150400.3.29.3 * mariadb-tools-debuginfo-10.6.15-150400.3.29.3 * mariadb-debugsource-10.6.15-150400.3.29.3 * 
libmariadbd19-10.6.15-150400.3.29.3 * mariadb-client-10.6.15-150400.3.29.3 * mariadb-tools-10.6.15-150400.3.29.3 * libmariadbd19-debuginfo-10.6.15-150400.3.29.3 * mariadb-client-debuginfo-10.6.15-150400.3.29.3 * mariadb-10.6.15-150400.3.29.3 * mariadb-debuginfo-10.6.15-150400.3.29.3 * Server Applications Module 15-SP5 (noarch) * mariadb-errormessages-10.6.15-150400.3.29.3 * Galera for Ericsson 15 SP4 (x86_64) * galera-4-wsrep-provider-26.4.14-150300.1.14.1 * galera-4-debuginfo-26.4.14-150300.1.14.1 * mariadb-galera-10.6.15-150400.3.29.3 * galera-4-debugsource-26.4.14-150300.1.14.1 * galera-4-wsrep-provider-debuginfo-26.4.14-150300.1.14.1 * galera-4-26.4.14-150300.1.14.1 * Galera for Ericsson 15 SP5 (x86_64) * galera-4-wsrep-provider-26.4.14-150300.1.14.1 * galera-4-debuginfo-26.4.14-150300.1.14.1 * mariadb-debugsource-10.6.15-150400.3.29.3 * mariadb-galera-10.6.15-150400.3.29.3 * galera-4-debugsource-26.4.14-150300.1.14.1 * galera-4-wsrep-provider-debuginfo-26.4.14-150300.1.14.1 * galera-4-26.4.14-150300.1.14.1 * mariadb-debuginfo-10.6.15-150400.3.29.3
From sle-updates at lists.suse.com Thu Oct 5 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:16 -0000 Subject: SUSE-RU-2023:3978-1: moderate: Recommended update for nfs-utils Message-ID: <169650901670.8617.9614348521324455711@smelt2.prg2.suse.org> # Recommended update for nfs-utils Announcement ID: SUSE-RU-2023:3978-1 Rating: moderate References: * #1157881 * #1200710 * #1209859 * #1212594 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has four fixes can now be installed.
## Description: This update for nfs-utils fixes the following issues: * SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) * Avoid unhelpful warnings (bsc#1157881) * Fix rpc.nfsd man pages (bsc#1209859) * Cope better with duplicate entries in /etc/exports (bsc#1212594) * Allow scope to be set in sysconfig: NFSD_SCOPE ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3978=1 openSUSE-SLE-15.5-2023-3978=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3978=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nfs-kernel-server-2.1.1-150500.22.3.1 * nfs-client-2.1.1-150500.22.3.1 * nfs-doc-2.1.1-150500.22.3.1 * nfs-utils-debuginfo-2.1.1-150500.22.3.1 * nfs-kernel-server-debuginfo-2.1.1-150500.22.3.1 * nfs-utils-debugsource-2.1.1-150500.22.3.1 * nfs-client-debuginfo-2.1.1-150500.22.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-2.1.1-150500.22.3.1 * nfs-client-2.1.1-150500.22.3.1 * nfs-doc-2.1.1-150500.22.3.1 * nfs-utils-debuginfo-2.1.1-150500.22.3.1 * nfs-kernel-server-debuginfo-2.1.1-150500.22.3.1 * nfs-utils-debugsource-2.1.1-150500.22.3.1 * nfs-client-debuginfo-2.1.1-150500.22.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1157881 * https://bugzilla.suse.com/show_bug.cgi?id=1200710 * https://bugzilla.suse.com/show_bug.cgi?id=1209859 * https://bugzilla.suse.com/show_bug.cgi?id=1212594
From sle-updates at lists.suse.com Thu Oct 5 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:18 -0000 Subject: SUSE-RU-2023:3977-1: important: Maintenance update for SUSE Manager 4.3.8 Release Notes Message-ID: <169650901871.8617.14885392984672830902@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3.8 Release Notes Announcement ID: SUSE-RU-2023:3977-1 Rating: important References: * #1210253 * #1215820 * #1215857 * MSQA-704 Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has three fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.8.2 * Bugs mentioned bsc#1210253, bsc#1215820 ## Recommended update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.8.2 * Bugs mentioned bsc#1215857, bsc#1210253, bsc#1215820 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-3977=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2023-3977=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-3977=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3977=1 ## Package List: * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.8.2-150400.3.64.3 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.8.2-150400.3.64.3 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.8.2-150400.3.83.3 * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-4.3.8.2-150400.3.83.3 * release-notes-susemanager-proxy-4.3.8.2-150400.3.64.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210253 * https://bugzilla.suse.com/show_bug.cgi?id=1215820 * https://bugzilla.suse.com/show_bug.cgi?id=1215857 * https://jira.suse.com/browse/MSQA-704 From sle-updates at lists.suse.com Thu Oct 5 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:20 -0000 Subject: SUSE-RU-2023:3976-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Message-ID: <169650902071.8617.972667464503172482@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-RU-2023:3976-1 Rating: important References: * #1210253 * #1215820 * #1215857 * MSQA-704 Affected Products: * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature and has three fixes can now be installed. 
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: spacewalk-web: * Version 4.3.34-1 * Fix datetimepicker erroneously updating the date field (bsc#1210253, bsc#1215820) How to apply this update: 1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Recommended update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: spacewalk-java: * Version 4.3.67-1 * Do not call SCC when updating the repositories authentication for PAYG (bsc#1215857) spacewalk-web: * Version 4.3.34-1 * Fix datetimepicker erroneously updating the date field (bsc#1210253, bsc#1215820) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-3976=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3976=1 ## Package List: * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * spacewalk-base-minimal-config-4.3.34-150400.3.30.4 * spacewalk-base-minimal-4.3.34-150400.3.30.4 * SUSE Manager Server 4.3 Module 4.3 (noarch) * spacewalk-base-minimal-config-4.3.34-150400.3.30.4 * spacewalk-base-4.3.34-150400.3.30.4 * spacewalk-html-4.3.34-150400.3.30.4 * spacewalk-java-lib-4.3.67-150400.3.63.4 * spacewalk-taskomatic-4.3.67-150400.3.63.4 * spacewalk-java-4.3.67-150400.3.63.4 * spacewalk-base-minimal-4.3.34-150400.3.30.4 * spacewalk-java-config-4.3.67-150400.3.63.4 * spacewalk-java-postgresql-4.3.67-150400.3.63.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210253 * https://bugzilla.suse.com/show_bug.cgi?id=1215820 * https://bugzilla.suse.com/show_bug.cgi?id=1215857 * https://jira.suse.com/browse/MSQA-704 From sle-updates at lists.suse.com Thu Oct 5 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:23 -0000 Subject: SUSE-SU-2023:3975-1: important: Security update for python-gevent Message-ID: <169650902358.8617.680056277156108469@smelt2.prg2.suse.org> # Security update for python-gevent Announcement ID: SUSE-SU-2023:3975-1 Rating: important References: * #1215469 Cross-References: * CVE-2023-41419 CVSS scores: * CVE-2023-41419 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-41419 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. 
## Description: This update for python-gevent fixes the following issues: * CVE-2023-41419: Fixed HTTP request smuggling (bsc#1215469). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3975=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3975=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-gevent-debugsource-1.3.5-3.3.1 * python-gevent-1.3.5-3.3.1 * python-gevent-debuginfo-1.3.5-3.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-gevent-debugsource-1.3.5-3.3.1 * python-gevent-1.3.5-3.3.1 * python-gevent-debuginfo-1.3.5-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41419.html * https://bugzilla.suse.com/show_bug.cgi?id=1215469 From sle-updates at lists.suse.com Thu Oct 5 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:22 -0000 Subject: SUSE-RU-2023:3663-2: important: Recommended update for perl-Bootloader Message-ID: <169650902223.8617.17515414550849311183@smelt2.prg2.suse.org> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:3663-2 Rating: important References: * #1215064 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) * skip warning about unsupported options when in compat mode ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3663=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215064 From sle-updates at lists.suse.com Thu Oct 5 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:25 -0000 Subject: SUSE-RU-2023:3974-1: moderate: Recommended update for lvm2 Message-ID: <169650902531.8617.156456754427045689@smelt2.prg2.suse.org> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:3974-1 Rating: moderate References: * #1214071 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3974=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3974=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3974=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3974=1 SUSE-SLE-HA-12-SP5-2023-3974=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3974=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-debuginfo-2.02.188-12.9.4 * lvm2-debugsource-2.02.188-12.9.4 * lvm2-devel-2.02.188-12.9.4 * device-mapper-devel-1.02.172-12.9.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * lvm2-debuginfo-2.02.188-12.9.4 * device-mapper-debuginfo-1.02.172-12.9.4 * lvm2-debugsource-2.02.188-12.9.4 * device-mapper-1.02.172-12.9.4 * lvm2-2.02.188-12.9.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * device-mapper-debuginfo-32bit-1.02.172-12.9.4 * device-mapper-32bit-1.02.172-12.9.4 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-debuginfo-2.02.188-12.9.4 * device-mapper-debuginfo-1.02.172-12.9.4 * lvm2-debugsource-2.02.188-12.9.4 * device-mapper-1.02.172-12.9.4 * lvm2-2.02.188-12.9.4 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * device-mapper-debuginfo-32bit-1.02.172-12.9.4 * device-mapper-32bit-1.02.172-12.9.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * lvm2-cmirrord-2.02.188-12.9.4 * lvm2-cmirrord-debuginfo-2.02.188-12.9.4 * lvm2-debuginfo-2.02.188-12.9.4 * lvm2-clvm-debuginfo-2.02.188-12.9.4 * device-mapper-debuginfo-1.02.172-12.9.4 * lvm2-debugsource-2.02.188-12.9.4 * lvm2-clvm-2.02.188-12.9.4 * device-mapper-1.02.172-12.9.4 * 
lvm2-2.02.188-12.9.4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * device-mapper-debuginfo-32bit-1.02.172-12.9.4 * device-mapper-32bit-1.02.172-12.9.4 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * lvm2-cmirrord-2.02.188-12.9.4 * lvm2-cmirrord-debuginfo-2.02.188-12.9.4 * lvm2-debuginfo-2.02.188-12.9.4 * lvm2-clvm-debuginfo-2.02.188-12.9.4 * lvm2-debugsource-2.02.188-12.9.4 * lvm2-clvm-2.02.188-12.9.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214071 From sle-updates at lists.suse.com Thu Oct 5 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 12:30:26 -0000 Subject: SUSE-RU-2023:3973-1: moderate: Recommended update for zypper Message-ID: <169650902697.8617.12894824764020606261@smelt2.prg2.suse.org> # Recommended update for zypper Announcement ID: SUSE-RU-2023:3973-1 Rating: moderate References: * #1213854 * #1214292 * #1214395 * #1215007 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four fixes can now be installed. 
## Description: This update for zypper fixes the following issues: * Fix name of the bash completion script (bsc#1215007) * Update notes about failing signature checks (bsc#1214395) * Improve the SIGINT handler to be signal safe (bsc#1214292) * Update to version 1.14.64 * Changed location of bash completion script (bsc#1213854). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3973=1 SUSE-2023-3973=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3973=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3973=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3973=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3973=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3973=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3973=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3973=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * openSUSE Leap 15.4 (noarch) * zypper-aptitude-1.14.64-150400.3.32.1 * zypper-log-1.14.64-150400.3.32.1 * zypper-needs-restarting-1.14.64-150400.3.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * openSUSE Leap 15.5 (noarch) * zypper-aptitude-1.14.64-150400.3.32.1 * zypper-log-1.14.64-150400.3.32.1 * zypper-needs-restarting-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x 
x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * zypper-needs-restarting-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * zypper-needs-restarting-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * zypper-needs-restarting-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * zypper-needs-restarting-1.14.64-150400.3.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * Basesystem Module 15-SP4 (noarch) * zypper-log-1.14.64-150400.3.32.1 * zypper-needs-restarting-1.14.64-150400.3.32.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150400.3.32.1 * zypper-1.14.64-150400.3.32.1 * zypper-debuginfo-1.14.64-150400.3.32.1 * Basesystem Module 15-SP5 (noarch) * zypper-log-1.14.64-150400.3.32.1 * zypper-needs-restarting-1.14.64-150400.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213854 * https://bugzilla.suse.com/show_bug.cgi?id=1214292 * https://bugzilla.suse.com/show_bug.cgi?id=1214395 * https://bugzilla.suse.com/show_bug.cgi?id=1215007
From sle-updates at lists.suse.com Thu Oct 5 12:35:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 14:35:57 +0200 (CEST) Subject: SUSE-CU-2023:3270-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231005123557.747AFFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3270-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.222 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.222 Severity : important Type : security References : 1211078 1214922 1214924 1214925 1215004 1215006 1215033 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated - container:sles15-image-15.0.0-27.14.102 updated From sle-updates at lists.suse.com Thu Oct 5 12:36:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 14:36:50 +0200 (CEST) Subject: SUSE-CU-2023:3271-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231005123650.A2E51FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3271-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.120 , 
suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.120 Severity : important Type : security References : 1211078 1214922 1214924 1214925 1215004 1215006 1215033 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). 
Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated - container:sles15-image-15.0.0-27.14.102 updated From sle-updates at lists.suse.com Thu Oct 5 12:40:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Oct 2023 14:40:31 +0200 (CEST) Subject: SUSE-CU-2023:3272-1: Security update of suse/sle15 Message-ID: <20231005124031.76623FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3272-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.825 Container Release : 6.2.825 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3958-1 Released: Wed Oct 4 09:16:06 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. 
(bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.0i-150100.14.65.6 updated - openssl-1_1-1.1.0i-150100.14.65.6 updated From sle-updates at lists.suse.com Thu Oct 5 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 16:30:21 -0000 Subject: SUSE-SU-2023:3988-1: important: Security update for the Linux Kernel Message-ID: <169652342192.12971.5342276318519186502@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3988-1 Rating: important References: * #1023051 * #1065729 * #1120059 * #1177719 * #1187236 * #1188885 * #1193629 * #1194869 * #1203329 * #1203330 * #1205462 * #1206453 * #1208902 * #1208949 * #1208995 * #1209284 * #1209799 * #1210048 * #1210169 * #1210448 * #1210643 * #1211220 * #1212091 * #1212142 * #1212423 * #1212526 * #1212857 * #1212873 * #1213026 * #1213123 * #1213546 * #1213580 * #1213601 * #1213666 * #1213733 * #1213757 * #1213759 * #1213916 * #1213921 * #1213927 * #1213946 * #1213949 * #1213968 * #1213970 * #1213971 * #1214000 * #1214019 * #1214073 * #1214120 * #1214149 * #1214180 * #1214233 * #1214238 * #1214285 * #1214297 * #1214299 * #1214305 * #1214350 * #1214368 * #1214370 * #1214371 * #1214372 * #1214380 * #1214386 * #1214392 * #1214393 * #1214397 * #1214404 * #1214428 * #1214451 * #1214635 * #1214659 * #1214661 * #1214727 * #1214729 * #1214742 * #1214743 * #1214756 * #1214813 * #1214873 * #1214928 * #1214976 * #1214988 * #1215123 * #1215124 * #1215148 * #1215221 * #1215523 * PED-2023 * PED-2025 * PED-3924 * PED-4579 * PED-4759 * PED-4927 * PED-4929 * PED-5738 * PED-6003 * PED-6004 Cross-References: * CVE-2022-38457 * CVE-2022-40133 * CVE-2023-1192 * CVE-2023-1859 * CVE-2023-2007 * CVE-2023-20588 * CVE-2023-2177 * CVE-2023-34319 * CVE-2023-3610 * CVE-2023-37453 * CVE-2023-3772 * CVE-2023-3863 * CVE-2023-40283 * CVE-2023-4128 * CVE-2023-4133 * CVE-2023-4134 * CVE-2023-4147 * CVE-2023-4194 * CVE-2023-4273 * CVE-2023-4387 * 
CVE-2023-4459 * CVE-2023-4563 * CVE-2023-4569 * CVE-2023-4881 CVSS scores: * CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( SUSE ): 6.7 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 24 vulnerabilities, contains 10 features and has 64 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: * CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). * CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192). * CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169). * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). * CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). 
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). * CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). * CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). The following non-security bugs were fixed: * ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). * ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). * ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). * ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). * ALSA: ac97: Fix possible error value of *rac97 (git-fixes). * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). 
* ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
* ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
* ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
* ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
* ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
* ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
* ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
* ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
* ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
* ARM: dts: imx6sll: fixup of operating points (git-fixes).
* ARM: pxa: remove use of symbol_get() (git-fixes).
* ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
* ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
* ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
* ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
* ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
* Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
* Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
* Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
* Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
* CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
* CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
* Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
* Documentation: devices.txt: Remove ttyIOC* (git-fixes).
* Documentation: devices.txt: Remove ttySIOC* (git-fixes).
* Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
* Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
* Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
* Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
* Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
* Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
* Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
* Drop amdgpu patch causing spamming (bsc#1215523)
* Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
* HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
* HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
* HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
* HID: wacom: remove the battery when the EKR is off (git-fixes).
* HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
* IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
* IB/uverbs: Fix an potential error pointer dereference (git-fixes)
* Input: exc3000 - properly stop timer on shutdown (git-fixes).
* Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
* KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
* KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
* KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
* Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
* Kbuild: move to -std=gnu11 (bsc#1214756).
* PCI/ASPM: Avoid link retraining race (git-fixes).
* PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
* PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
* PCI: Free released resource after coalescing (git-fixes).
* PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
* PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
* PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
* PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
* PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
* PCI: meson: Remove cast between incompatible function type (git-fixes).
* PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
* PCI: microchip: Remove cast between incompatible function type (git-fixes).
* PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
* PCI: rockchip: Remove writes to unused registers (git-fixes).
* PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
* PCI: tegra194: Fix possible array out of bounds access (git-fixes).
* PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
* RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
* RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
* RDMA/efa: Fix wrong resources deallocation order (git-fixes)
* RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
* RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
* RDMA/hns: Fix port active speed (git-fixes)
* RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
* RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
* RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
* RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
* RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
* RDMA/siw: Correct wrong debug message (git-fixes)
* RDMA/umem: Set iova in ODP flow (git-fixes)
* README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
* Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
* Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes).
* Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
* Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
* Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* amba: bus: fix refcount leak (git-fixes).
* arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
* arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
* ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
* ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
* ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
* ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: Compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
* backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
* batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
* batman-adv: Do not increase MTU when set by user (git-fixes).
* batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
* batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
* batman-adv: Trigger events for auto adjusted MTU (git-fixes).
* bnx2x: fix page fault following EEH recovery (bsc#1214299).
* bpf: Clear the probe_addr for uprobe (git-fixes).
* bpf: Disable preemption in bpf_event_output (git-fixes).
* bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
* btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
* bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
* bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: Fix cast to enum warning (git-fixes).
* bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
* clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: Modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
* clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
* clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
* clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
* clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
* clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
* cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
* cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
* cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
* define more Hyper-V related constants (bsc#1206453).
* dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: Fix docs syntax (git-fixes).
* dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
* dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
* dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
* docs/process/howto: Replace C89 with C11 (bsc#1214756).
* docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: Fix hex printing of signed values (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
* drm/amd/display: Add smu write msg id fail retry process (git-fixes).
* drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
* drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes).
* drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
* drm/amd/display: Ensure that planes are in the same order (git-fixes).
* drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
* drm/amd/display: Remove wait while locked (git-fixes).
* drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
* drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
* drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
* drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
* drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
* drm/amd/display: disable RCO for DCN314 (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
* drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
* drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: prevent potential division by zero errors (git-fixes).
* drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
* drm/amd/display: trigger timing sync only if TG is running (git-fixes).
* drm/amd/pm/smu7: move variables to where they are used (git-fixes).
* drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
* drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
* drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
* drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
* drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
* drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
* drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/amdgpu: add S/G display parameter (git-fixes).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
* drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
* drm/amdgpu: fix memory leak in mes self test (git-fixes).
* drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
* drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
* drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
* drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
* drm/ast: Fix DRAM init on AST2200 (git-fixes).
* drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
* drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
* drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
* drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
* drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active MMU context (git-fixes).
* drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
* drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
* drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes).
* drm/i915/sdvo: fix panel_type initialization (git-fixes).
* drm/i915: Fix premature release of request's reusable memory (git-fixes).
* drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
* drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
* drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
* drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
* drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
* drm/msm/mdp5: Do not leak some plane state (git-fixes).
* drm/msm: Update dev core dump to not print backwards (git-fixes).
* drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
* drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
* drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
* drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
* drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
* drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
* drm/qxl: fix UAF on handle creation (git-fixes).
* drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
* drm/rockchip: Do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
* drm/stm: ltdc: fix late dereference check (git-fixes).
* drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
* drm/vmwgfx: Fix shader stage validation (git-fixes).
* drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
* drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
* drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
* drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: switch to napi_build_skb() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* exfat: fix unexpected EOF while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
* fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: Improve performance of sys_imageblit() (git-fixes).
* fbdev: Update fbdev source file paths (git-fixes).
* fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
* firmware: cs_dsp: Fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
* firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
* fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
* fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fs: do not update freeing inode i_io_list (bsc#1214813).
* fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
* fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
* fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
* ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
* gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
* hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
* hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
* hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: Delete error messages for failed memory allocations (git-fixes).
* i2c: Improve size determinations (git-fixes).
* i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
* i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: Correct length byte validation logic (git-fixes).
* i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
* i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
* i2c: nomadik: Remove a useless call in the remove function (git-fixes).
* i2c: nomadik: Remove unnecessary goto label (git-fixes).
* i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
* i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
* i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for FDIR filters (git-fixes).
* ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
* ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
* iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
* iio: adc: stx104: Implement and utilize register structures (git-fixes).
* iio: adc: stx104: Utilize iomap interface (git-fixes).
* iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove unused macros (jsc#PED-5738).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
* iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
* iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
* iommu/amd: Fix compile warning in init code (git-fixes).
* iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
* iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
* iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
* iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: Fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
* iommu/iova: Fix module config properly (git-fixes).
* iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
* iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
* iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
* iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
* iommu/mediatek: Use component_match_add (git-fixes).
* iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/s390: Fix duplicate domain attachments (git-fixes).
* iommu/sun50i: Consider all fault sources for reset (git-fixes).
* iommu/sun50i: Fix R/W permission check (git-fixes).
* iommu/sun50i: Fix flush size (git-fixes).
* iommu/sun50i: Fix reset release (git-fixes).
* iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
* iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
* iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
* iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
* ipmi:ssif: Add check for kstrdup (git-fixes).
* ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* kabi/severities: ignore mlx4 internal symbols
* kabi: Allow extra bugsints (bsc#1213927).
* kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
* kconfig: fix possible buffer overflow (git-fixes).
* kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
* kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
* kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
* leds: multicolor: Use rounded division when calculating color components (git-fixes).
* leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
* libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
* libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
* media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
* media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: Fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
* media: go7007: Remove redundant if statement (git-fixes).
* media: i2c: ccs: Check rules is non-NULL (git-fixes).
* media: i2c: rdacm21: Fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: Fix ov2680_bayer_order() (git-fixes).
* media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
* media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
* media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
* media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for H.264 (git-fixes).
* media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
* media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
* misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
* mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
* mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
* mlx4: Delete custom device management logic (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
* mlx4: Move the bond work to the core driver (bsc#1187236).
* mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
* mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
* mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
* mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
* mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
* mmc: block: Fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready (bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921). * mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). * mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). * mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). * mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). * mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). * mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git- fixes). * mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). * mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). * mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). * mtd: spi-nor: Check bus width while setting QE bit (git-fixes). * mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). * n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). * net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). * net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). * net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). * net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). * net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) * net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). * net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). * netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). * netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). * netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). 
* netfs: fix parameter of cleanup() (bsc#1214743). * nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). * nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). * nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). * nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). * objtool/x86: Fix SRSO mess (git-fixes). * objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). * objtool: Union instruction::{call_dest,jump_table} (git-fixes). * old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported. * pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). * phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). * phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). * phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). * phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). * phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). * phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). * phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). * pinctrl: amd: Mask wake bits on probe again (git-fixes). * pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). * pinctrl: cherryview: fix address_space_handler() argument (git-fixes). * pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). * pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git- fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: dell-sysman: Fix reference leak (git-fixes). * powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). * powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). * powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). * powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). * powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). * powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). * powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). * powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). * powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). * powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). 
* powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). * powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). * powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). * powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). * powerpc/rtas: block error injection when locked down (bsc#1023051). * powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). * powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. * powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). * powerpc: fix typos in comments (bsc#1212091 ltc#199106). * pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). 
* pstore/ram: Check start of empty przs during init (git-fixes). * pwm: Add a stub for devm_pwmchip_add() (git-fixes). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * pwm: meson: Simplify duplicated per-channel tracking (git-fixes). * pwm: meson: fix handling of period/duty if greater than UINT_MAX (git- fixes). * qed: Fix scheduling in a tasklet while getting stats (git-fixes). * regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). * ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). * ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). * ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). * rpm/mkspec-dtb: support for nested subdirs. * rpmsg: glink: Add check for kstrdup (git-fixes). * rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension). * s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). * s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). * s390/ipl: add eckd dump support (jsc#PED-2025). * s390/ipl: add eckd support (jsc#PED-2023). * s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). * s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). * s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). * s390/purgatory: disable branch profiling (git-fixes bsc#1214372). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). * sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). * sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). * sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). 
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: RDMA/srp: Fix residual handling (git-fixes) * scsi: bsg: Increase number of devices (bsc#1210048). * scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). * scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). * scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). 
* scsi: scsi_debug: Remove dead code (git-fixes). * scsi: sg: Increase number of devices (bsc#1210048). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Always set no_report_opcodes (git-fixes). * scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). * scsi: storvsc: Handle SRB status value 0x30 (git-fixes). * scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git- fixes). * scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). * selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). * selftests/futex: Order calls to futex_lock_pi (git-fixes). * selftests/harness: Actually report SKIP for signal tests (git-fixes). * selftests/resctrl: Close perf value read fd on errors (git-fixes). * selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). * selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git- fixes). * selftests/rseq: check if libc rseq support is registered (git-fixes). * selftests: forwarding: Add a helper to skip test when using veth pairs (git- fixes). * selftests: forwarding: Skip test when no interfaces are specified (git- fixes). * selftests: forwarding: Switch off timeout (git-fixes). * selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). * selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). * selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). * selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). * selftests: forwarding: tc_flower: Relax success criterion (git-fixes). * selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). * selftests: tracing: Fix to unmount tracefs for recovering environment (git- fixes). * serial: sc16is7xx: fix broken port 0 uart init (git-fixes). 
* serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). * serial: sprd: Assign sprd_port after initialized to avoid wrong access (git- fixes). * serial: sprd: Fix DMA buffer leak issue (git-fixes). * serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). * sfc: fix crash when reading stats while NIC is resetting (git-fixes). * smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). * smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). * smb: client: Fix -Wstringop-overflow issues (bsc#1193629). * smb: client: fix dfs link mount against w2k8 (bsc#1212142). * smb: client: fix null auth (git-fixes). * soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). * soundwire: bus: pm_runtime_request_resume on peripheral attachment (git- fixes). * soundwire: fix enumeration completion (git-fixes). * spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). * supported.conf: fix typos for -!optional markers * swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). * target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). * target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). * target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). * target_core_rbd: remove snapshot existence validation code (bsc#1212857). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). * timers: Add shutdown mechanism to the internal functions (bsc#1213970). * timers: Provide timer_shutdown_sync (bsc#1213970). * timers: Rename del_timer() to timer_delete() (bsc#1213970). * timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: Replace BUG_ON()s (bsc#1213970). * timers: Silently ignore timers with a NULL function (bsc#1213970). 
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: Update kernel-doc for various functions (bsc#1213970). * timers: Use del_timer_sync() even on UP (bsc#1213970). * tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). * tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). * tracing/probes: Fix not to count error code to total length (git-fixes). * tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). * tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). * tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git- fixes). * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git- fixes). * tracing: Fix memleak due to race between current_tracer and trace (git- fixes). * tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). * tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Fix warning in trace_buffered_event_disable() (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * tty: fix hang on tty device with no_room set (git-fixes). * tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git- fixes). * tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). * tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). * tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). * tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). * ubifs: Fix memleak when insert_old_idx() failed (git-fixes). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). 
* usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). * usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). * usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). * usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git- fixes). * usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). * usb: dwc3: Fix typos in gadget.c (git-fixes). * usb: dwc3: Properly handle processing of pending events (git-fixes). * usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git- fixes). * usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). * usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). * usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git- fixes). * usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). * usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git- fixes). * usb: quirks: add quirk for Focusrite Scarlett (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EC200A module support (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: serial: option: support Quectel EM060K_128 (git-fixes). * usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). * usb: serial: simple: sort driver entries (git-fixes). * usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). * usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). * usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). 
* watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git- fixes). * wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). * wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). * wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). * wifi: cfg80211: Fix return value in scan logic (git-fixes). * wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). * wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). * wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). * wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). * wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). * wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). * wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). * wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). * wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). * wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git- fixes). * wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). * wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). * wifi: radiotap: fix kernel-doc notation warnings (git-fixes). * wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/alternative: Make custom return thunk unconditional (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). 
* x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/cpu: Clean up SRSO return thunk mess (git-fixes). * x86/cpu: Cleanup the untrain mess (git-fixes). * x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). * x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). * x86/cpu: Rename original retbleed methods (git-fixes). * x86/cpu: Rename srso_(.*) _alias to srso_alias_ \1 (git-fixes). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git- fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git- fixes). * x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). * x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). * x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). * x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). * x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). * x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). * x86/hyperv: Reorder code to facilitate future work (bsc#1206453). * x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git- fixes). * x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). 
* x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). * x86/purgatory: remove PGO flags (git-fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git- fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). * x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/speculation: Add cpu_show_gds() prototype (git-fixes). * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). * x86/srso: Disable the mitigation on unaffected configurations (git-fixes). * x86/srso: Explain the untraining sequences a bit more (git-fixes). * x86/srso: Fix build breakage with the LLVM linker (git-fixes). * x86/srso: Fix return thunks in generated code (git-fixes). * x86/static_call: Fix __static_call_fixup() (git-fixes). * x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). * x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). * x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). * x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). * x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). 
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Real Time Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-3988=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3988=1 openSUSE-SLE-15.5-2023-3988=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-3988=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3988=1

## Package List:

* SUSE Real Time Module 15-SP5 (x86_64)
  * kernel-rt-debugsource-5.14.21-150500.13.18.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.18.1
  * ocfs2-kmp-rt-5.14.21-150500.13.18.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.18.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt-debuginfo-5.14.21-150500.13.18.1
  * cluster-md-kmp-rt-5.14.21-150500.13.18.1
  * dlm-kmp-rt-5.14.21-150500.13.18.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt_debug-devel-5.14.21-150500.13.18.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.18.1
  * kernel-rt-devel-5.14.21-150500.13.18.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.18.1
  * kernel-syms-rt-5.14.21-150500.13.18.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.18.1
  * kernel-rt-vdso-5.14.21-150500.13.18.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.18.1
  * gfs2-kmp-rt-5.14.21-150500.13.18.1
* SUSE Real Time Module 15-SP5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.18.1
  * kernel-source-rt-5.14.21-150500.13.18.1
* SUSE Real Time Module 15-SP5 (nosrc
x86_64) * kernel-rt_debug-5.14.21-150500.13.18.1 * kernel-rt-5.14.21-150500.13.18.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-rt-5.14.21-150500.13.18.1 * kernel-source-rt-5.14.21-150500.13.18.1 * openSUSE Leap 15.5 (x86_64) * kernel-rt-debugsource-5.14.21-150500.13.18.1 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * ocfs2-kmp-rt-5.14.21-150500.13.18.1 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.18.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-optional-debuginfo-5.14.21-150500.13.18.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_13_18-rt-1-150500.11.3.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-debuginfo-5.14.21-150500.13.18.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-1-150500.11.3.1 * cluster-md-kmp-rt-5.14.21-150500.13.18.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * dlm-kmp-rt-5.14.21-150500.13.18.1 * kernel-rt-optional-5.14.21-150500.13.18.1 * kselftests-kmp-rt-5.14.21-150500.13.18.1 * kernel-rt_debug-devel-5.14.21-150500.13.18.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.18.1 * kernel-rt-extra-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-devel-5.14.21-150500.13.18.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-livepatch-devel-5.14.21-150500.13.18.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-extra-5.14.21-150500.13.18.1 * kernel-syms-rt-5.14.21-150500.13.18.1 * kernel-rt-livepatch-5.14.21-150500.13.18.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.18.1 * kernel-rt-vdso-5.14.21-150500.13.18.1 * reiserfs-kmp-rt-5.14.21-150500.13.18.1 * kernel-rt_debug-vdso-5.14.21-150500.13.18.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.18.1 * gfs2-kmp-rt-5.14.21-150500.13.18.1 * openSUSE Leap 15.5 (nosrc x86_64) * 
kernel-rt_debug-5.14.21-150500.13.18.1 * kernel-rt-5.14.21-150500.13.18.1 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.18.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debugsource-5.14.21-150500.13.18.1 * kernel-rt-debuginfo-5.14.21-150500.13.18.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_13_18-rt-1-150500.11.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-38457.html * https://www.suse.com/security/cve/CVE-2022-40133.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2007.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-3610.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-3772.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-4128.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4134.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://www.suse.com/security/cve/CVE-2023-4273.html * https://www.suse.com/security/cve/CVE-2023-4387.html * https://www.suse.com/security/cve/CVE-2023-4459.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4569.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://bugzilla.suse.com/show_bug.cgi?id=1023051 * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * 
https://bugzilla.suse.com/show_bug.cgi?id=1120059 * https://bugzilla.suse.com/show_bug.cgi?id=1177719 * https://bugzilla.suse.com/show_bug.cgi?id=1187236 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1203329 * https://bugzilla.suse.com/show_bug.cgi?id=1203330 * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1206453 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1208949 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1209284 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1210048 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1210448 * https://bugzilla.suse.com/show_bug.cgi?id=1210643 * https://bugzilla.suse.com/show_bug.cgi?id=1211220 * https://bugzilla.suse.com/show_bug.cgi?id=1212091 * https://bugzilla.suse.com/show_bug.cgi?id=1212142 * https://bugzilla.suse.com/show_bug.cgi?id=1212423 * https://bugzilla.suse.com/show_bug.cgi?id=1212526 * https://bugzilla.suse.com/show_bug.cgi?id=1212857 * https://bugzilla.suse.com/show_bug.cgi?id=1212873 * https://bugzilla.suse.com/show_bug.cgi?id=1213026 * https://bugzilla.suse.com/show_bug.cgi?id=1213123 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213580 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213666 * https://bugzilla.suse.com/show_bug.cgi?id=1213733 * https://bugzilla.suse.com/show_bug.cgi?id=1213757 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213916 * https://bugzilla.suse.com/show_bug.cgi?id=1213921 * https://bugzilla.suse.com/show_bug.cgi?id=1213927 * 
https://bugzilla.suse.com/show_bug.cgi?id=1213946 * https://bugzilla.suse.com/show_bug.cgi?id=1213949 * https://bugzilla.suse.com/show_bug.cgi?id=1213968 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1213971 * https://bugzilla.suse.com/show_bug.cgi?id=1214000 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 * https://bugzilla.suse.com/show_bug.cgi?id=1214073 * https://bugzilla.suse.com/show_bug.cgi?id=1214120 * https://bugzilla.suse.com/show_bug.cgi?id=1214149 * https://bugzilla.suse.com/show_bug.cgi?id=1214180 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214238 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 * https://bugzilla.suse.com/show_bug.cgi?id=1214297 * https://bugzilla.suse.com/show_bug.cgi?id=1214299 * https://bugzilla.suse.com/show_bug.cgi?id=1214305 * https://bugzilla.suse.com/show_bug.cgi?id=1214350 * https://bugzilla.suse.com/show_bug.cgi?id=1214368 * https://bugzilla.suse.com/show_bug.cgi?id=1214370 * https://bugzilla.suse.com/show_bug.cgi?id=1214371 * https://bugzilla.suse.com/show_bug.cgi?id=1214372 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214392 * https://bugzilla.suse.com/show_bug.cgi?id=1214393 * https://bugzilla.suse.com/show_bug.cgi?id=1214397 * https://bugzilla.suse.com/show_bug.cgi?id=1214404 * https://bugzilla.suse.com/show_bug.cgi?id=1214428 * https://bugzilla.suse.com/show_bug.cgi?id=1214451 * https://bugzilla.suse.com/show_bug.cgi?id=1214635 * https://bugzilla.suse.com/show_bug.cgi?id=1214659 * https://bugzilla.suse.com/show_bug.cgi?id=1214661 * https://bugzilla.suse.com/show_bug.cgi?id=1214727 * https://bugzilla.suse.com/show_bug.cgi?id=1214729 * https://bugzilla.suse.com/show_bug.cgi?id=1214742 * https://bugzilla.suse.com/show_bug.cgi?id=1214743 * https://bugzilla.suse.com/show_bug.cgi?id=1214756 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214813 * https://bugzilla.suse.com/show_bug.cgi?id=1214873 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215148 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://jira.suse.com/browse/PED-2023 * https://jira.suse.com/browse/PED-2025 * https://jira.suse.com/browse/PED-3924 * https://jira.suse.com/browse/PED-4579 * https://jira.suse.com/browse/PED-4759 * https://jira.suse.com/browse/PED-4927 * https://jira.suse.com/browse/PED-4929 * https://jira.suse.com/browse/PED-5738 * https://jira.suse.com/browse/PED-6003 * https://jira.suse.com/browse/PED-6004 From sle-updates at lists.suse.com Thu Oct 5 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 16:30:25 -0000 Subject: SUSE-SU-2023:3989-1: moderate: Security update for libX11 Message-ID: <169652342513.12971.17537827113922788704@smelt2.prg2.suse.org> # Security update for libX11 Announcement ID: SUSE-SU-2023:3989-1 Rating: moderate References: * #1215683 * #1215684 * #1215685 Cross-References: * CVE-2023-43785 * CVE-2023-43786 * CVE-2023-43787 CVSS scores: * CVE-2023-43785 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2023-43786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-43787 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves
three vulnerabilities can now be installed. ## Description: This update for libX11 fixes the following issues: * CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). * CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). * CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3989=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3989=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3989=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3989=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libX11-debugsource-1.6.2-12.33.1 * libX11-devel-1.6.2-12.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libX11-6-debuginfo-1.6.2-12.33.1 * libX11-xcb1-debuginfo-1.6.2-12.33.1 * libX11-6-1.6.2-12.33.1 * libX11-debugsource-1.6.2-12.33.1 * libX11-xcb1-1.6.2-12.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libX11-data-1.6.2-12.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.33.1 * libX11-xcb1-32bit-1.6.2-12.33.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.33.1 * libX11-6-32bit-1.6.2-12.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libX11-6-debuginfo-1.6.2-12.33.1 * libX11-xcb1-debuginfo-1.6.2-12.33.1 * libX11-6-1.6.2-12.33.1 * libX11-debugsource-1.6.2-12.33.1 * libX11-xcb1-1.6.2-12.33.1 * SUSE Linux Enterprise 
Server 12 SP5 (noarch) * libX11-data-1.6.2-12.33.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.33.1 * libX11-xcb1-32bit-1.6.2-12.33.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.33.1 * libX11-6-32bit-1.6.2-12.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libX11-6-debuginfo-1.6.2-12.33.1 * libX11-xcb1-debuginfo-1.6.2-12.33.1 * libX11-6-1.6.2-12.33.1 * libX11-debugsource-1.6.2-12.33.1 * libX11-xcb1-1.6.2-12.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libX11-data-1.6.2-12.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.33.1 * libX11-xcb1-32bit-1.6.2-12.33.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.33.1 * libX11-6-32bit-1.6.2-12.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43785.html * https://www.suse.com/security/cve/CVE-2023-43786.html * https://www.suse.com/security/cve/CVE-2023-43787.html * https://bugzilla.suse.com/show_bug.cgi?id=1215683 * https://bugzilla.suse.com/show_bug.cgi?id=1215684 * https://bugzilla.suse.com/show_bug.cgi?id=1215685
From sle-updates at lists.suse.com Thu Oct 5 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 16:30:26 -0000 Subject: SUSE-SU-2023:3987-1: moderate: Security update for tomcat Message-ID: <169652342691.12971.5374550527073048988@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2023:3987-1 Rating: moderate References: * #1214666 Cross-References: * CVE-2023-41080 CVSS scores: * CVE-2023-41080 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-41080 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-41080: Fixed URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature (bsc#1214666). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3987=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3987=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3987=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tomcat-servlet-4_0-api-9.0.36-3.108.1 * tomcat-javadoc-9.0.36-3.108.1 * tomcat-docs-webapp-9.0.36-3.108.1 * tomcat-9.0.36-3.108.1 * tomcat-jsp-2_3-api-9.0.36-3.108.1 * tomcat-lib-9.0.36-3.108.1 * tomcat-webapps-9.0.36-3.108.1 * tomcat-el-3_0-api-9.0.36-3.108.1 * tomcat-admin-webapps-9.0.36-3.108.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tomcat-servlet-4_0-api-9.0.36-3.108.1 * tomcat-javadoc-9.0.36-3.108.1 * tomcat-docs-webapp-9.0.36-3.108.1 * tomcat-9.0.36-3.108.1 * tomcat-jsp-2_3-api-9.0.36-3.108.1 * tomcat-lib-9.0.36-3.108.1 * tomcat-webapps-9.0.36-3.108.1 * tomcat-el-3_0-api-9.0.36-3.108.1 * tomcat-admin-webapps-9.0.36-3.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tomcat-servlet-4_0-api-9.0.36-3.108.1 * tomcat-javadoc-9.0.36-3.108.1 * tomcat-docs-webapp-9.0.36-3.108.1 * tomcat-9.0.36-3.108.1 * tomcat-jsp-2_3-api-9.0.36-3.108.1 * tomcat-lib-9.0.36-3.108.1 * tomcat-webapps-9.0.36-3.108.1 * tomcat-el-3_0-api-9.0.36-3.108.1 * tomcat-admin-webapps-9.0.36-3.108.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41080.html * https://bugzilla.suse.com/show_bug.cgi?id=1214666
From sle-updates at lists.suse.com Thu Oct 5 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 16:30:29 -0000 Subject: SUSE-RU-2023:3986-1: important: Recommended update for suse-module-tools Message-ID: <169652342922.12971.523000461041033556@smelt2.prg2.suse.org> # Recommended update for suse-module-tools Announcement ID: SUSE-RU-2023:3986-1 Rating: important References: * #1201066 * #1213428 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Update to version 15.4.17: * cert-script: warn only once about non-writable efivarfs * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3986=1 openSUSE-SLE-15.4-2023-3986=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3986=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3986=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3986=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3986=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3986=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * suse-module-tools-legacy-15.4.17-150400.3.11.1 * suse-module-tools-15.4.17-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suse-module-tools-15.4.17-150400.3.11.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suse-module-tools-15.4.17-150400.3.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suse-module-tools-15.4.17-150400.3.11.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suse-module-tools-15.4.17-150400.3.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.4.17-150400.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201066 * https://bugzilla.suse.com/show_bug.cgi?id=1213428
From sle-updates at lists.suse.com Thu Oct 5 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 05 Oct 2023 16:30:31 -0000 Subject: SUSE-RU-2023:3985-1: important: Recommended update for suse-module-tools Message-ID: <169652343136.12971.5315605930978220238@smelt2.prg2.suse.org> # Recommended update for suse-module-tools Announcement ID: SUSE-RU-2023:3985-1 Rating: important References: * #1201066 * #1212957 * #1213428 * #1213822 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has four fixes can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Update to version 15.5.2: * rpm-script: update bootloader after creating initramfs (bsc#1213822) * rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957) * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3985=1 SUSE-2023-3985=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3985=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * suse-module-tools-legacy-15.5.2-150500.3.3.1 * suse-module-tools-15.5.2-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.5.2-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201066 * https://bugzilla.suse.com/show_bug.cgi?id=1212957 * https://bugzilla.suse.com/show_bug.cgi?id=1213428 * https://bugzilla.suse.com/show_bug.cgi?id=1213822 From sle-updates at lists.suse.com Fri Oct 6 07:08:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:08:49 +0200 (CEST) Subject: SUSE-CU-2023:3277-1: Security update of suse/postgres Message-ID: <20231006070849.69C20FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3277-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.71 , suse/postgres:14.9 , suse/postgres:14.9-22.71 Container Release : 22.71 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container suse/postgres was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.103 updated From sle-updates at lists.suse.com Fri Oct 6 07:09:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:09:50 +0200 (CEST) Subject: SUSE-CU-2023:3278-1: Security update of bci/python Message-ID: <20231006070950.C1810FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3278-1 Container Tags : bci/python:3 , bci/python:3-15.61 , bci/python:3.10 , bci/python:3.10-15.61 Container Release : 15.61 Severity : important Type : security References : 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.103 updated From sle-updates at lists.suse.com Fri Oct 6 07:10:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:10:44 +0200 (CEST) Subject: SUSE-CU-2023:3279-1: Recommended update of suse/sle15 Message-ID: <20231006071044.C0E2EFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3279-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.103 , suse/sle15:15.4 , suse/sle15:15.4.27.14.103 Container Release : 27.14.103 Severity : moderate Type : recommended References : 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). The following package changes have been done: - zypper-1.14.64-150400.3.32.1 updated From sle-updates at lists.suse.com Fri Oct 6 07:12:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:12:41 +0200 (CEST) Subject: SUSE-CU-2023:3286-1: Security update of bci/golang Message-ID: <20231006071241.AE91BFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3286-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.6 , bci/golang:oldstable , bci/golang:oldstable-2.4.6 Container Release : 4.6 Severity : important Type : security References : 1173407 1211078 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - container:sles15-image-15.0.0-36.5.39 updated From sle-updates at lists.suse.com Fri Oct 6 07:14:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:14:05 +0200 (CEST) Subject: SUSE-CU-2023:3292-1: Security update of bci/openjdk Message-ID: <20231006071405.87934FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3292-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.6 Container Release : 11.6 Severity : important Type : security References : 1211078 1215683 1215684 1215685 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3963-1 Released: Wed Oct 4 09:24:32 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1215683,1215684,1215685,CVE-2023-43785,CVE-2023-43786,CVE-2023-43787 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). The following package changes have been done: - libeconf0-0.5.2-150400.3.6.1 updated - libX11-data-1.6.5-150000.3.33.1 updated - libX11-6-1.6.5-150000.3.33.1 updated - container:sles15-image-15.0.0-36.5.39 updated From sle-updates at lists.suse.com Fri Oct 6 07:16:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 09:16:55 +0200 (CEST) Subject: SUSE-CU-2023:3303-1: Recommended update of suse/sle15 Message-ID: <20231006071655.50FD2FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3303-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.39 , suse/sle15:15.5 , suse/sle15:15.5.36.5.39 Container Release : 36.5.39 Severity : moderate Type : recommended References : 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). The following package changes have been done: - zypper-1.14.64-150400.3.32.1 updated From sle-updates at lists.suse.com Fri Oct 6 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 08:30:01 -0000 Subject: SUSE-RU-2023:3991-1: moderate: Recommended update for spack Message-ID: <169658100184.4935.11534923993935487740@smelt2.prg2.suse.org> # Recommended update for spack Announcement ID: SUSE-RU-2023:3991-1 Rating: moderate References: * #1214222 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that has one fix can now be installed. ## Description: This update for spack fixes the following issues: * Update to version 0.20.1 with the following changes: * Package level fixes: * Fix SPACK_ROOT setting in /etc/profile.d/spack.[c]sh (bsc#1214222). * Add hwloc-devel and sqlite3 to the packages that trigger a `spack external find`. * Make sure libhwloc and hwloc are installed together when spack is installed. * Bug fixes: * Fix specs removed from an environment that were not actually removed if `--force` was not given. * Hotfix for a few recipes that treat CMake as a link dependency.
* Fix re-running stand-alone test a second time, which was getting a trailing spurious failure. * Fix reading JSON manifest on Cray, reporting non-concrete specs. * Fix a few bugs when generating Dockerfiles from Spack. * Fix a few long-standing bugs when generating module files. * Fix issues with building Python extensions when using an external Python. * Fix `spack compiler remove`: remove from command line even if they appear in different scopes. * Features: * Speed-up module file generation. * Show external status as `[e]`. * Backport `archspec` fixes. * Improve a few error messages. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3991=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3991=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * spack-info-0.20.1-150300.5.22.1 * spack-man-0.20.1-150300.5.22.1 * spack-recipes-0.20.1-150300.5.22.1 * spack-0.20.1-150300.5.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * spack-info-0.20.1-150300.5.22.1 * spack-man-0.20.1-150300.5.22.1 * spack-recipes-0.20.1-150300.5.22.1 * spack-0.20.1-150300.5.22.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214222
From sle-updates at lists.suse.com Fri Oct 6 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 08:30:03 -0000 Subject: SUSE-RU-2023:3990-1: moderate: Recommended update for spack Message-ID: <169658100358.4935.6283113827657368306@smelt2.prg2.suse.org> # Recommended update for spack Announcement ID: SUSE-RU-2023:3990-1 Rating: moderate References: * #1214222 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 An update that has one fix can now be installed. ## Description: This update for spack fixes the following issues: * Update to version 0.20.1 with the following changes: * Package level fixes: * Fix SPACK_ROOT setting in /etc/profile.d/spack.[c]sh (bsc#1214222). * Add hwloc-devel and sqlite3 to the packages that trigger a `spack external find`. * Make sure libhwloc and hwloc are installed together when spack is installed. * Bug fixes: * Fix specs removed from an environment that were not actually removed if `--force` was not given. * Hotfix for a few recipes that treat CMake as a link dependency. * Fix re-running stand-alone test a second time, which was getting a trailing spurious failure. * Fix reading JSON manifest on Cray, reporting non-concrete specs. * Fix a few bugs when generating Dockerfiles from Spack. * Fix a few long-standing bugs when generating module files. * Fix issues with building Python extensions when using an external Python. * Fix `spack compiler remove`: remove from command line even if they appear in different scopes. * Features: * Speed-up module file generation. * Show external status as `[e]`. * Backport `archspec` fixes. * Improve a few error messages. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3990=1 openSUSE-SLE-15.4-2023-3990=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3990=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-3990=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-3990=1 ## Package List: * openSUSE Leap 15.4 (noarch) * spack-recipes-0.20.1-150400.12.9.8.1 * spack-man-0.20.1-150400.12.9.8.1 * spack-0.20.1-150400.12.9.8.1 * spack-info-0.20.1-150400.12.9.8.1 * openSUSE Leap 15.5 (noarch) * spack-recipes-0.20.1-150400.12.9.8.1 * spack-man-0.20.1-150400.12.9.8.1 * spack-0.20.1-150400.12.9.8.1 * spack-info-0.20.1-150400.12.9.8.1 * HPC Module 15-SP4 (noarch) * spack-recipes-0.20.1-150400.12.9.8.1 * spack-man-0.20.1-150400.12.9.8.1 * spack-0.20.1-150400.12.9.8.1 * spack-info-0.20.1-150400.12.9.8.1 * HPC Module 15-SP5 (noarch) * spack-recipes-0.20.1-150400.12.9.8.1 * spack-man-0.20.1-150400.12.9.8.1 * spack-0.20.1-150400.12.9.8.1 * spack-info-0.20.1-150400.12.9.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214222 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 6 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 12:30:01 -0000 Subject: SUSE-RU-2023:3996-1: moderate: Recommended update for git Message-ID: <169659540185.20546.5283885899068926577@smelt2.prg2.suse.org> # Recommended update for git Announcement ID: SUSE-RU-2023:3996-1 Rating: moderate References: * #1215533 Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 8 An update that has one fix can now be installed. ## Description: This update for git fixes the following issues: * Downgrade openssh and rsync dependency to recommends (bsc#1215533) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-3996=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-3996=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3996=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3996=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3996=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3996=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * SUSE OpenStack Cloud 8 (x86_64) * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * git-gui-2.26.2-27.72.1 * git-web-2.26.2-27.72.1 * git-core-debuginfo-2.26.2-27.72.1 * git-arch-2.26.2-27.72.1 * git-core-2.26.2-27.72.1 * git-daemon-2.26.2-27.72.1 * git-svn-2.26.2-27.72.1 * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * git-email-2.26.2-27.72.1 * git-daemon-debuginfo-2.26.2-27.72.1 * gitk-2.26.2-27.72.1 * git-cvs-2.26.2-27.72.1 * git-svn-debuginfo-2.26.2-27.72.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * git-doc-2.26.2-27.72.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * git-gui-2.26.2-27.72.1 * git-web-2.26.2-27.72.1 * git-core-debuginfo-2.26.2-27.72.1 * git-daemon-2.26.2-27.72.1 * git-core-2.26.2-27.72.1 * git-svn-2.26.2-27.72.1 * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * git-email-2.26.2-27.72.1 * git-daemon-debuginfo-2.26.2-27.72.1 * gitk-2.26.2-27.72.1 * git-cvs-2.26.2-27.72.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * git-gui-2.26.2-27.72.1 * git-web-2.26.2-27.72.1 * git-core-debuginfo-2.26.2-27.72.1 * git-daemon-2.26.2-27.72.1 * 
git-core-2.26.2-27.72.1 * git-svn-2.26.2-27.72.1 * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * git-email-2.26.2-27.72.1 * git-daemon-debuginfo-2.26.2-27.72.1 * gitk-2.26.2-27.72.1 * git-cvs-2.26.2-27.72.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * git-gui-2.26.2-27.72.1 * git-web-2.26.2-27.72.1 * git-core-debuginfo-2.26.2-27.72.1 * git-daemon-2.26.2-27.72.1 * git-core-2.26.2-27.72.1 * git-svn-2.26.2-27.72.1 * git-debugsource-2.26.2-27.72.1 * git-2.26.2-27.72.1 * git-email-2.26.2-27.72.1 * git-daemon-debuginfo-2.26.2-27.72.1 * gitk-2.26.2-27.72.1 * git-cvs-2.26.2-27.72.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215533 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 6 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 12:30:02 -0000 Subject: SUSE-RU-2023:3995-1: moderate: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Message-ID: <169659540292.20546.11024061584923564429@smelt2.prg2.suse.org> # Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Announcement ID: SUSE-RU-2023:3995-1 Rating: moderate References: * MSQA-705 Affected Products: * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: susemanager-docs_en: * Base server version corrected in the Installation and Upgrade Guide How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3995=1 ## Package List: * SUSE Manager Server 4.3 Module 4.3 (noarch) * susemanager-docs_en-pdf-4.3-150400.9.41.2 * susemanager-docs_en-4.3-150400.9.41.2 ## References: * https://jira.suse.com/browse/MSQA-705 From sle-updates at lists.suse.com Fri Oct 6 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 12:30:05 -0000 Subject: SUSE-RU-2023:3994-1: moderate: Recommended update for git Message-ID: <169659540547.20546.17085739066195661387@smelt2.prg2.suse.org> # Recommended update for git Announcement ID: SUSE-RU-2023:3994-1 Rating: moderate References: * #1215533 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. 
## Description: This update for git fixes the following issues: * Downgrade openssh dependency to recommends (bsc#1215533) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3994=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3994=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3994=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3994=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3994=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3994=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3994=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3994=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3994=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3994=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * git-arch-2.35.3-150300.10.30.1 * git-cvs-2.35.3-150300.10.30.1 * git-email-2.35.3-150300.10.30.1 * gitk-2.35.3-150300.10.30.1 * git-credential-libsecret-2.35.3-150300.10.30.1 * git-core-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * git-gui-2.35.3-150300.10.30.1 * git-p4-2.35.3-150300.10.30.1 * git-svn-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-2.35.3-150300.10.30.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.30.1 * git-web-2.35.3-150300.10.30.1 * git-daemon-2.35.3-150300.10.30.1 * 
git-credential-gnome-keyring-2.35.3-150300.10.30.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.30.1 * git-daemon-debuginfo-2.35.3-150300.10.30.1 * openSUSE Leap 15.4 (noarch) * git-doc-2.35.3-150300.10.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * git-arch-2.35.3-150300.10.30.1 * git-cvs-2.35.3-150300.10.30.1 * git-email-2.35.3-150300.10.30.1 * gitk-2.35.3-150300.10.30.1 * git-credential-libsecret-2.35.3-150300.10.30.1 * git-core-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * git-gui-2.35.3-150300.10.30.1 * git-p4-2.35.3-150300.10.30.1 * git-svn-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-2.35.3-150300.10.30.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.30.1 * git-web-2.35.3-150300.10.30.1 * git-daemon-2.35.3-150300.10.30.1 * git-credential-gnome-keyring-2.35.3-150300.10.30.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.30.1 * git-daemon-debuginfo-2.35.3-150300.10.30.1 * openSUSE Leap 15.5 (noarch) * git-doc-2.35.3-150300.10.30.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * git-core-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * git-2.35.3-150300.10.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * git-core-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * git-core-debuginfo-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * git-core-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-arch-2.35.3-150300.10.30.1 * git-cvs-2.35.3-150300.10.30.1 * git-email-2.35.3-150300.10.30.1 * gitk-2.35.3-150300.10.30.1 * 
git-gui-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-svn-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * git-2.35.3-150300.10.30.1 * git-web-2.35.3-150300.10.30.1 * git-daemon-2.35.3-150300.10.30.1 * git-daemon-debuginfo-2.35.3-150300.10.30.1 * Development Tools Module 15-SP4 (noarch) * git-doc-2.35.3-150300.10.30.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * git-arch-2.35.3-150300.10.30.1 * git-cvs-2.35.3-150300.10.30.1 * git-email-2.35.3-150300.10.30.1 * gitk-2.35.3-150300.10.30.1 * git-gui-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-svn-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * git-2.35.3-150300.10.30.1 * git-web-2.35.3-150300.10.30.1 * git-daemon-2.35.3-150300.10.30.1 * git-daemon-debuginfo-2.35.3-150300.10.30.1 * Development Tools Module 15-SP5 (noarch) * git-doc-2.35.3-150300.10.30.1 * SUSE Manager Proxy 4.2 (x86_64) * git-core-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * git-core-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * git-core-2.35.3-150300.10.30.1 * perl-Git-2.35.3-150300.10.30.1 * git-core-debuginfo-2.35.3-150300.10.30.1 * git-debugsource-2.35.3-150300.10.30.1 * git-debuginfo-2.35.3-150300.10.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215533 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 6 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 12:30:07 -0000 Subject: SUSE-RU-2023:3993-1: moderate: Recommended update for rust1.72 Message-ID: <169659540732.20546.3093462787938896993@smelt2.prg2.suse.org> # Recommended update for rust1.72 Announcement ID: SUSE-RU-2023:3993-1 Rating: moderate References: * #1215834 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for rust1.72 fixes the following issues: * use gcc12 instead of gcc11 (bsc#1215834) # Version 1.72.1 (2023-09-19) * Adjust codegen change to improve LLVM codegen * rustdoc: Fix self ty params in objects with lifetimes * Fix regression in compile times * Resolve some ICE regressions in the compiler. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3993=1 openSUSE-SLE-15.4-2023-3993=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3993=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3993=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3993=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rust1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-1.72.1-150400.9.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.72-1.72.1-150400.9.6.1 * openSUSE Leap 15.4 (nosrc) * rust1.72-test-1.72.1-150400.9.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rust1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-1.72.1-150400.9.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.1-150400.9.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rust1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-1.72.1-150400.9.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.1-150400.9.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rust1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-debuginfo-1.72.1-150400.9.6.1 * cargo1.72-1.72.1-150400.9.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.1-150400.9.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215834 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 6 12:47:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 14:47:21 +0200 (CEST) Subject: SUSE-CU-2023:3304-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231006124721.BB2BEFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3304-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.225 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.225 Severity : important Type : recommended References : 1201066 1213428 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3986-1 Released: Thu Oct 5 14:07:58 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1201066,1213428 This update for suse-module-tools fixes the following issues: - Update to version 15.4.17: * cert-script: warn only once about non-writable efivarfs * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) The following package changes have been done: - suse-module-tools-15.4.17-150400.3.11.1 updated - zypper-1.14.64-150400.3.32.1 updated - container:sles15-image-15.0.0-27.14.103 updated From sle-updates at lists.suse.com Fri Oct 6 12:48:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 14:48:12 +0200 (CEST) Subject: SUSE-CU-2023:3305-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231006124812.EA6E8FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3305-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.123 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.123 Severity : important Type : recommended References : 1201066 1213428 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3986-1 Released: Thu Oct 5 14:07:58 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1201066,1213428 This update for suse-module-tools fixes the following issues: - Update to version 15.4.17: * cert-script: warn only once about non-writable efivarfs * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) The following package changes have been done: - suse-module-tools-15.4.17-150400.3.11.1 updated - zypper-1.14.64-150400.3.32.1 updated - container:sles15-image-15.0.0-27.14.103 updated From sle-updates at lists.suse.com Fri Oct 6 12:48:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 14:48:29 +0200 (CEST) Subject: SUSE-CU-2023:3306-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231006124829.A7C80FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3306-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.66 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.66 Severity : important Type : recommended References : 1201066 1212957 
1213428 1213822 1213854 1214292 1214395 1215007 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3973-1 Released: Thu Oct 5 10:14:49 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3985-1 Released: Thu Oct 5 14:05:51 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1201066,1212957,1213428,1213822 This update for suse-module-tools fixes the following issues: - Update to version 15.5.2: * rpm-script: update bootloader after creating initramfs (bsc#1213822) * rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957) * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) The following package changes have been done: - suse-module-tools-15.5.2-150500.3.3.1 updated - zypper-1.14.64-150400.3.32.1 updated - container:sles15-image-15.0.0-36.5.39 updated From sle-updates at lists.suse.com Fri Oct 6 12:50:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 14:50:41 +0200 (CEST) Subject: SUSE-CU-2023:3309-1: Recommended update of bci/python Message-ID: <20231006125041.ECE33FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2023:3309-1 Container Tags : bci/python:3 , bci/python:3-12.1 , bci/python:3.11 , bci/python:3.11-12.1 , bci/python:latest Container Release : 12.1 Severity : moderate Type : recommended References : 1173407 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. 
(jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - container:sles15-image-15.0.0-36.5.39 updated From sle-updates at lists.suse.com Fri Oct 6 12:51:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Oct 2023 14:51:04 +0200 (CEST) Subject: SUSE-CU-2023:3310-1: Recommended update of bci/python Message-ID: <20231006125104.3761FFCE7@maintenance.suse.de> SUSE Container Update Advisory: 
bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3310-1 Container Tags : bci/python:3 , bci/python:3-14.1 , bci/python:3.6 , bci/python:3.6-14.1 Container Release : 14.1 Severity : moderate Type : recommended References : 1173407 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. 
(jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - container:sles15-image-15.0.0-36.5.39 updated From sle-updates at lists.suse.com Fri Oct 6 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 16:30:01 -0000 Subject: SUSE-SU-2023:4001-1: moderate: Security update for python Message-ID: <169660980183.2951.13088593407925635571@smelt2.prg2.suse.org> # Security update for 
python Announcement ID: SUSE-SU-2023:4001-1 Rating: moderate References: * #1214685 * #1214691 Cross-References: * CVE-2022-48565 * CVE-2022-48566 CVSS scores: * CVE-2022-48565 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2022-48565 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2022-48566 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python fixes the following issues: * CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (bsc#1214691) * CVE-2022-48565: Fixed an XXE in the plistlib module. (bsc#1214685) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4001=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4001=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4001=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4001=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python-base-debuginfo-2.7.18-33.26.1 * libpython2_7-1_0-2.7.18-33.26.1 * python-curses-debuginfo-2.7.18-33.26.1 * python-base-2.7.18-33.26.1 * python-xml-2.7.18-33.26.1 * python-xml-debuginfo-2.7.18-33.26.1 * python-devel-2.7.18-33.26.1 * python-debugsource-2.7.18-33.26.1 * python-base-debugsource-2.7.18-33.26.1 * libpython2_7-1_0-debuginfo-2.7.18-33.26.1 * python-demo-2.7.18-33.26.1 * python-gdbm-2.7.18-33.26.1 * python-idle-2.7.18-33.26.1 * python-curses-2.7.18-33.26.1 * python-debuginfo-2.7.18-33.26.1 * python-tk-2.7.18-33.26.1 * python-gdbm-debuginfo-2.7.18-33.26.1 * python-2.7.18-33.26.1 * python-tk-debuginfo-2.7.18-33.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python-doc-2.7.18-33.26.1 * python-doc-pdf-2.7.18-33.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.26.1 * python-base-32bit-2.7.18-33.26.1 * python-32bit-2.7.18-33.26.1 * libpython2_7-1_0-32bit-2.7.18-33.26.1 * python-base-debuginfo-32bit-2.7.18-33.26.1 * python-debuginfo-32bit-2.7.18-33.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python-base-debuginfo-2.7.18-33.26.1 * libpython2_7-1_0-2.7.18-33.26.1 * python-curses-debuginfo-2.7.18-33.26.1 * python-base-2.7.18-33.26.1 * python-xml-2.7.18-33.26.1 * python-xml-debuginfo-2.7.18-33.26.1 * python-devel-2.7.18-33.26.1 * python-debugsource-2.7.18-33.26.1 * 
python-base-debugsource-2.7.18-33.26.1 * libpython2_7-1_0-debuginfo-2.7.18-33.26.1 * python-demo-2.7.18-33.26.1 * python-gdbm-2.7.18-33.26.1 * python-idle-2.7.18-33.26.1 * python-curses-2.7.18-33.26.1 * python-debuginfo-2.7.18-33.26.1 * python-tk-2.7.18-33.26.1 * python-gdbm-debuginfo-2.7.18-33.26.1 * python-2.7.18-33.26.1 * python-tk-debuginfo-2.7.18-33.26.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python-doc-2.7.18-33.26.1 * python-doc-pdf-2.7.18-33.26.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.26.1 * python-base-32bit-2.7.18-33.26.1 * python-32bit-2.7.18-33.26.1 * libpython2_7-1_0-32bit-2.7.18-33.26.1 * python-base-debuginfo-32bit-2.7.18-33.26.1 * python-debuginfo-32bit-2.7.18-33.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python-base-debuginfo-2.7.18-33.26.1 * libpython2_7-1_0-2.7.18-33.26.1 * python-curses-debuginfo-2.7.18-33.26.1 * python-base-2.7.18-33.26.1 * python-xml-2.7.18-33.26.1 * python-xml-debuginfo-2.7.18-33.26.1 * python-devel-2.7.18-33.26.1 * python-debugsource-2.7.18-33.26.1 * python-base-debugsource-2.7.18-33.26.1 * libpython2_7-1_0-debuginfo-2.7.18-33.26.1 * python-demo-2.7.18-33.26.1 * python-gdbm-2.7.18-33.26.1 * python-idle-2.7.18-33.26.1 * python-curses-2.7.18-33.26.1 * python-debuginfo-2.7.18-33.26.1 * python-tk-2.7.18-33.26.1 * python-gdbm-debuginfo-2.7.18-33.26.1 * python-2.7.18-33.26.1 * python-tk-debuginfo-2.7.18-33.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python-doc-2.7.18-33.26.1 * python-doc-pdf-2.7.18-33.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.26.1 * python-base-32bit-2.7.18-33.26.1 * python-32bit-2.7.18-33.26.1 * libpython2_7-1_0-32bit-2.7.18-33.26.1 * python-base-debuginfo-32bit-2.7.18-33.26.1 * python-debuginfo-32bit-2.7.18-33.26.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * 
python-base-debuginfo-2.7.18-33.26.1 * python-devel-2.7.18-33.26.1 * python-base-debugsource-2.7.18-33.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48565.html * https://www.suse.com/security/cve/CVE-2022-48566.html * https://bugzilla.suse.com/show_bug.cgi?id=1214685 * https://bugzilla.suse.com/show_bug.cgi?id=1214691 From sle-updates at lists.suse.com Fri Oct 6 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4000-1: moderate: Security update for yq Message-ID: <169660980403.2951.11156590533382808845@smelt2.prg2.suse.org> # Security update for yq Announcement ID: SUSE-SU-2023:4000-1 Rating: moderate References: * #1215808 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one security fix can now be installed. ## Description: This update for yq fixes the following issues: yq was updated to 4.35.2 (bsc#1215808): * Fixed number parsing as float bug in JSON #1756 * Fixed string, null concatenation consistency #1712 * Fixed expression parsing issue #1711 Update to 4.35.1: * Added Lua output support * Added BSD checksum format Update to 4.34.1: * Added shell output format * Fixed nil pointer dereference Update to 4.33.3: * Fixed bug when splatting empty array #1613 * Added scalar output for TOML (#1617) * Fixed passing of read-only context in pipe (partial fix for #1631) Update to 4.33.2: * Add `--nul-output|-0` flag to separate element with NUL character (#1550) Thanks @vaab! * Add removable-media interface plug declaration to the snap packaging(#1618) Thanks @brlin-tw!
* Scalar output now handled in csv, tsv and property files Update to 4.33.1: * Added read-only TOML support! #1364. Thanks @pelletier for making your API available in your toml lib :) * Added warning when auto detect by file type outputs JSON Update to 4.32.2: * Fixes parsing terraform tfstate files results in "unknown" format * Added divide and modulo operators (#1593) * Add support for decoding base64 strings without padding * Add filter operation (#1588) - thanks @rbren! * Detect input format based on file name extension (#1582) * Auto output format when input format is automatically detected * Fixed npe in log #1596 * Improved binary file size! Update to 4.31.2: * Fixed merged anchor reference problem #1482 * Fixed xml encoding of ProcInst #1563, improved XML comment handling * Allow build without json and xml support (#1556) Thanks Update to 4.31.1: * Added shuffle command #1503 * Added ability to sort by multiple fields #1541 * Added @sh encoder #1526 * Added @uri/@urid encoder/decoder #1529 * Fixed date comparison with string date #1537 * Added from_unix/to_unix Operators ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4000=1 SUSE-2023-4000=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4000=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yq-4.35.2-150500.3.3.1 * yq-debuginfo-4.35.2-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * yq-bash-completion-4.35.2-150500.3.3.1 * yq-fish-completion-4.35.2-150500.3.3.1 * yq-zsh-completion-4.35.2-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * yq-4.35.2-150500.3.3.1 * yq-debuginfo-4.35.2-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215808 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 6 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 16:30:06 -0000 Subject: SUSE-RU-2023:3999-1: moderate: Recommended update for rpmlint Message-ID: <169660980630.2951.3649267982733081292@smelt2.prg2.suse.org> # Recommended update for rpmlint Announcement ID: SUSE-RU-2023:3999-1 Rating: moderate References: * #1215346 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. 
## Description: This update for rpmlint fixes the following issues: * Backport systemd v254 whitelistings for SLE-15-SP6 (bsc#1215346) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3999=1 openSUSE-SLE-15.4-2023-3999=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3999=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3999=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3999=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rpmlint-mini-debugsource-1.10-150400.23.16.2 * rpmlint-mini-debuginfo-1.10-150400.23.16.2 * rpmlint-mini-1.10-150400.23.16.2 * openSUSE Leap 15.4 (noarch) * rpmlint-1.10-150000.7.76.1 * openSUSE Leap 15.5 (noarch) * rpmlint-1.10-150000.7.76.1 * Development Tools Module 15-SP4 (noarch) * rpmlint-1.10-150000.7.76.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-debugsource-1.10-150400.23.16.2 * rpmlint-mini-debuginfo-1.10-150400.23.16.2 * rpmlint-mini-1.10-150400.23.16.2 * Development Tools Module 15-SP5 (noarch) * rpmlint-1.10-150000.7.76.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-debugsource-1.10-150400.23.16.2 * rpmlint-mini-debuginfo-1.10-150400.23.16.2 * rpmlint-mini-1.10-150400.23.16.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215346
From sle-updates at lists.suse.com Fri Oct 6 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3998-1: important: Security update for poppler Message-ID: <169660980872.2951.17525266269167827867@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:3998-1 Rating: important References: * #1214257 * #1214618 * #1214621 * #1214622 * #1215422 Cross-References: * CVE-2020-23804 * CVE-2020-36024 * CVE-2022-37050 * CVE-2022-37051 * CVE-2022-38349 CVSS scores: * CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real
Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). * CVE-2020-36024: Fixed NULL pointer dereference in `FoFiType1C:convertToType1` (bsc#1214257). * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). * CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). * CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3998=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3998=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3998=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3998=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3998=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3998=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3998=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3998=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3998=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3998=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3998=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3998=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3998=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3998=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 *
typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-debuginfo-0.79.0-150200.3.21.2 * libpoppler89-32bit-0.79.0-150200.3.21.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise 
High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * 
libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Manager Proxy 4.2 (x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * 
libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * poppler-tools-0.79.0-150200.3.21.2 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2 * libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2 * libpoppler-cpp0-0.79.0-150200.3.21.2 * poppler-debugsource-0.79.0-150200.3.21.2 * libpoppler89-0.79.0-150200.3.21.2 * poppler-tools-debuginfo-0.79.0-150200.3.21.2 * libpoppler-devel-0.79.0-150200.3.21.2 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2 * libpoppler-glib-devel-0.79.0-150200.3.21.2 * libpoppler-glib8-0.79.0-150200.3.21.2 * libpoppler89-debuginfo-0.79.0-150200.3.21.2 ## References: * https://www.suse.com/security/cve/CVE-2020-23804.html * https://www.suse.com/security/cve/CVE-2020-36024.html * https://www.suse.com/security/cve/CVE-2022-37050.html * https://www.suse.com/security/cve/CVE-2022-37051.html * https://www.suse.com/security/cve/CVE-2022-38349.html * https://bugzilla.suse.com/show_bug.cgi?id=1214257 * https://bugzilla.suse.com/show_bug.cgi?id=1214618 * https://bugzilla.suse.com/show_bug.cgi?id=1214621 * https://bugzilla.suse.com/show_bug.cgi?id=1214622 * https://bugzilla.suse.com/show_bug.cgi?id=1215422
From sle-updates at lists.suse.com Fri Oct 6 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 06 Oct 2023 16:30:11 -0000 Subject: SUSE-SU-2023:3997-1: important: Security update for nghttp2 Message-ID: <169660981171.2951.1827417398824519335@smelt2.prg2.suse.org> # Security update for nghttp2 Announcement ID: SUSE-SU-2023:3997-1 Rating: important References: * #1215713 Cross-References: * CVE-2023-35945 CVSS scores: * CVE-2023-35945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise
Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3997=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3997=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3997=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3997=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3997=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3997=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3997=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3997=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3997=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3997=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3997=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3997=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3997=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3997=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3997=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3997=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3997=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3997=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3997=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3997=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3997=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3997=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3997=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nghttp2-python-debugsource-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * nghttp2-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * python3-nghttp2-1.40.0-150200.9.1 * python3-nghttp2-debuginfo-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * openSUSE Leap 15.4 (x86_64) * libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * libnghttp2_asio1-32bit-1.40.0-150200.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nghttp2-python-debugsource-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 *
libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * nghttp2-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * python3-nghttp2-1.40.0-150200.9.1 * python3-nghttp2-debuginfo-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * openSUSE Leap 15.5 (x86_64) * libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * libnghttp2_asio1-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * 
libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * Basesystem Module 15-SP4 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * Basesystem Module 15-SP5 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.9.1 * 
libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 
(x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Manager Proxy 4.2 (x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Manager Server 4.2 (x86_64) * 
libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.9.1 * libnghttp2_asio1-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * libnghttp2-devel-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2_asio-devel-1.40.0-150200.9.1 * SUSE Enterprise Storage 7.1 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-32bit-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150200.9.1 * libnghttp2-14-1.40.0-150200.9.1 * nghttp2-debugsource-1.40.0-150200.9.1 * nghttp2-debuginfo-1.40.0-150200.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35945.html * https://bugzilla.suse.com/show_bug.cgi?id=1215713
From sle-updates at lists.suse.com Sat Oct 7 07:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:06:27 +0200 (CEST) Subject: SUSE-CU-2023:3314-1: Security update of bci/dotnet-aspnet Message-ID: <20231007070627.C6805FCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3314-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-15.7 , bci/dotnet-aspnet:6.0.22 , bci/dotnet-aspnet:6.0.22-15.7 Container Release : 15.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Sat Oct 7 07:06:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:06:44 +0200 (CEST) Subject: SUSE-CU-2023:3315-1: Security update of bci/dotnet-aspnet Message-ID: <20231007070644.A6E4BFCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3315-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-15.7 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-15.7 , bci/dotnet-aspnet:latest Container Release : 15.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Sat Oct 7 07:07:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:07:06 +0200 (CEST) Subject: SUSE-CU-2023:3316-1: Security update of bci/dotnet-sdk Message-ID: <20231007070706.1ECDAFCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3316-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.6 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-14.6 Container Release : 14.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Sat Oct 7 07:07:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:07:30 +0200 (CEST) Subject: SUSE-CU-2023:3317-1: Security update of bci/dotnet-sdk Message-ID: <20231007070730.05F74FCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3317-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-16.6 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-16.6 , bci/dotnet-sdk:latest Container Release : 16.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Sat Oct 7 07:07:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:07:48 +0200 (CEST) Subject: SUSE-CU-2023:3318-1: Security update of bci/dotnet-runtime Message-ID: <20231007070748.D1ECEFCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3318-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-14.7 , bci/dotnet-runtime:6.0.22 , bci/dotnet-runtime:6.0.22-14.7 Container Release : 14.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Sat Oct 7 07:08:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Oct 2023 09:08:08 +0200 (CEST) Subject: SUSE-CU-2023:3319-1: Security update of bci/dotnet-runtime Message-ID: <20231007070808.88BB4FCE9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3319-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-16.6 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-16.6 , bci/dotnet-runtime:latest Container Release : 16.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Mon Oct 9 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:01 -0000 Subject: SUSE-SU-2023:4008-1: moderate: Security update for ImageMagick Message-ID: <169684020139.23777.17258763690653480355@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:4008-1 Rating: moderate References: * #1215939 Cross-References: * CVE-2023-5341 CVSS scores: * CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4008=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.57.1 * libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.57.1 * libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.57.1 * libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.57.1 * libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.57.1 * libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.57.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.57.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.57.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.57.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.57.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.57.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5341.html * https://bugzilla.suse.com/show_bug.cgi?id=1215939
From sle-updates at lists.suse.com Mon Oct 9 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:03 -0000 Subject: SUSE-RU-2023:4006-1: moderate: Recommended update for zypper Message-ID: <169684020389.23777.13905727705186512680@smelt2.prg2.suse.org> # Recommended update for zypper Announcement ID: SUSE-RU-2023:4006-1 Rating: moderate References: * #1213854 * #1214292 * #1214395 * #1215007 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has four fixes can now be installed. ## Description: This update for zypper fixes the following issues: * Fix name of the bash completion script (bsc#1215007) * Update notes about failing signature checks (bsc#1214395) * Improve the SIGINT handler to be signal safe (bsc#1214292) * Update to version 1.14.64 * Changed location of bash completion script (bsc#1213854). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4006=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4006=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4006=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-4006=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4006=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4006=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4006=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4006=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4006=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4006=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4006=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4006=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4006=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4006=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4006=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Manager Server
4.2 (ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Manager Server 4.2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Enterprise Storage 7.1 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Enterprise Storage 7 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 
SP3 (aarch64 x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 * SUSE Manager Proxy 4.2 (x86_64) * 
zypper-debugsource-1.14.64-150200.62.1 * zypper-1.14.64-150200.62.1 * zypper-debuginfo-1.14.64-150200.62.1 * SUSE Manager Proxy 4.2 (noarch) * zypper-log-1.14.64-150200.62.1 * zypper-needs-restarting-1.14.64-150200.62.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213854 * https://bugzilla.suse.com/show_bug.cgi?id=1214292 * https://bugzilla.suse.com/show_bug.cgi?id=1214395 * https://bugzilla.suse.com/show_bug.cgi?id=1215007 From sle-updates at lists.suse.com Mon Oct 9 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:05 -0000 Subject: SUSE-RU-2023:4005-1: moderate: Recommended update for fusesource-pom Message-ID: <169684020565.23777.16617132974600874826@smelt2.prg2.suse.org> # Recommended update for fusesource-pom Announcement ID: SUSE-RU-2023:4005-1 Rating: moderate References: * PED-6376 * PED-6377 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains two features can now be installed. ## Description: This update for fusesource-pom fixes the following issues: * Upgrade to version 1.12 * Make 1.8 the default java source/target levels for dependent packages ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4005=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4005=1 ## Package List: * openSUSE Leap 15.4 (noarch) * fusesource-pom-1.12-150200.3.3.1 * openSUSE Leap 15.5 (noarch) * fusesource-pom-1.12-150200.3.3.1 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377
From sle-updates at lists.suse.com Mon Oct 9 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:07 -0000 Subject: SUSE-RU-2023:4004-1: moderate: Recommended update for picocli Message-ID: <169684020704.23777.14900602198464949702@smelt2.prg2.suse.org> # Recommended update for picocli Announcement ID: SUSE-RU-2023:4004-1 Rating: moderate References: * PED-6377 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for picocli fixes the following issues: * Version update to version 4.7.5 (jsc#SLE-23217): * Enhancements: * Java 22 update: improve logic for detecting if the output stream is connected to a terminal * Mask parameters in trace log when echo=false for interactive options and positional parameters * Bugfixes: * Fix positional parameters bug with late-resolved arity variable * Don't generate auto-complete for hidden attributes in picocli.shell.jline3.PicoCommand. * ArgGroup with exclusive=false and multiplicity=1 should require at least one option; fix regression * DOC fixes: * Improve GraalVM documentation: add graalvm-native-image-plugin. * Commit html files with LF line-endings. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4004=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4004=1 ## Package List: * openSUSE Leap 15.4 (noarch) * picocli-4.7.5-150200.3.14.2 * picocli-javadoc-4.7.5-150200.3.14.2 * openSUSE Leap 15.5 (noarch) * picocli-4.7.5-150200.3.14.2 * picocli-javadoc-4.7.5-150200.3.14.2 ## References: * https://jira.suse.com/browse/PED-6377
From sle-updates at lists.suse.com Mon Oct 9 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:08 -0000 Subject: SUSE-RU-2023:4003-1: moderate: Recommended update for apparmor Message-ID: <169684020884.23777.7813741753680377913@smelt2.prg2.suse.org> # Recommended update for apparmor Announcement ID: SUSE-RU-2023:4003-1 Rating: moderate References: * #1215596 Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for apparmor fixes the following issues: * Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4003=1 openSUSE-SLE-15.5-2023-4003=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4003=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4003=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4003=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4003=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libapparmor-devel-3.0.4-150500.11.9.1 * apache2-mod_apparmor-3.0.4-150500.11.9.1 * apparmor-parser-3.0.4-150500.11.9.1 * apparmor-parser-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-debuginfo-3.0.4-150500.11.9.1 * ruby-apparmor-debuginfo-3.0.4-150500.11.9.1 * ruby-apparmor-3.0.4-150500.11.9.1 * apparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-3.0.4-150500.11.9.1 * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-3.0.4-150500.11.9.1 * perl-apparmor-debuginfo-3.0.4-150500.11.9.1 * perl-apparmor-3.0.4-150500.11.9.1 * python3-apparmor-debuginfo-3.0.4-150500.11.9.1 * libapparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-debuginfo-3.0.4-150500.11.9.1 * python3-apparmor-3.0.4-150500.11.9.1 * openSUSE Leap 15.5 (noarch) * apparmor-profiles-3.0.4-150500.11.9.1 * apparmor-abstractions-3.0.4-150500.11.9.1 * apparmor-parser-lang-3.0.4-150500.11.9.1 * apparmor-docs-3.0.4-150500.11.9.1 * apparmor-utils-lang-3.0.4-150500.11.9.1 * apparmor-utils-3.0.4-150500.11.9.1 * openSUSE Leap 15.5 (x86_64) * pam_apparmor-32bit-3.0.4-150500.11.9.1 * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.9.1 * libapparmor1-32bit-3.0.4-150500.11.9.1 * libapparmor1-32bit-debuginfo-3.0.4-150500.11.9.1 * openSUSE Leap 15.5 (aarch64_ilp32) * pam_apparmor-64bit-3.0.4-150500.11.9.1 * libapparmor1-64bit-debuginfo-3.0.4-150500.11.9.1 * 
pam_apparmor-64bit-debuginfo-3.0.4-150500.11.9.1 * libapparmor1-64bit-3.0.4-150500.11.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * apparmor-parser-3.0.4-150500.11.9.1 * apparmor-parser-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-debuginfo-3.0.4-150500.11.9.1 * apparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-3.0.4-150500.11.9.1 * libapparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-3.0.4-150500.11.9.1 * Basesystem Module 15-SP5 (noarch) * apparmor-profiles-3.0.4-150500.11.9.1 * apparmor-abstractions-3.0.4-150500.11.9.1 * apparmor-parser-lang-3.0.4-150500.11.9.1 * apparmor-docs-3.0.4-150500.11.9.1 * apparmor-utils-lang-3.0.4-150500.11.9.1 * apparmor-utils-3.0.4-150500.11.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apparmor-parser-3.0.4-150500.11.9.1 * apparmor-parser-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-debuginfo-3.0.4-150500.11.9.1 * apparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-3.0.4-150500.11.9.1 * libapparmor-debugsource-3.0.4-150500.11.9.1 * libapparmor1-debuginfo-3.0.4-150500.11.9.1 * pam_apparmor-3.0.4-150500.11.9.1 * python3-apparmor-debuginfo-3.0.4-150500.11.9.1 * libapparmor-devel-3.0.4-150500.11.9.1 * python3-apparmor-3.0.4-150500.11.9.1 * Basesystem Module 15-SP5 (x86_64) * pam_apparmor-32bit-3.0.4-150500.11.9.1 * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.9.1 * libapparmor1-32bit-3.0.4-150500.11.9.1 * libapparmor1-32bit-debuginfo-3.0.4-150500.11.9.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-apparmor-3.0.4-150500.11.9.1 * apparmor-debugsource-3.0.4-150500.11.9.1 * perl-apparmor-debuginfo-3.0.4-150500.11.9.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apparmor-debugsource-3.0.4-150500.11.9.1 * apache2-mod_apparmor-3.0.4-150500.11.9.1 * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215596 -------------- next part 
-------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 9 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 08:30:10 -0000 Subject: SUSE-RU-2023:4002-1: moderate: Recommended update for selinux-policy Message-ID: <169684021001.23777.16580995539396190375@smelt2.prg2.suse.org> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:4002-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Create path in macros.selinux-policy since it might not exist on transactional systems ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4002=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4002=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.12.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.12.1 * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.12.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.12.1 * selinux-policy-20230511+git3.b78f5aff-150400.4.12.1 * selinux-policy-devel-20230511+git3.b78f5aff-150400.4.12.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 9 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 12:30:03 -0000 Subject: SUSE-RU-2023:4015-1: important: This is recommended update for slurm and pdsh_slurm Message-ID: <169685460305.8907.15611994116833272152@smelt2.prg2.suse.org> # This is recommended update for slurm and pdsh_slurm Announcement ID: SUSE-RU-2023:4015-1 Rating: important References: * #1215500 Affected Products: * HPC Module 15-SP2 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that has one fix can now be installed. ## Description: This is only delivering packages into missing channels, No codestream changes: * This update delivers the 'slurm' and 'pdsh_slurm_20_11' to missing channels (bcn#1215500) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * HPC Module 15-SP2 zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2023-4015=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4015=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4015=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4015=1 ## Package List: * HPC Module 15-SP2 (aarch64 x86_64) * pdsh-genders-2.34-150200.4.13.1 * pdsh-genders-debuginfo-2.34-150200.4.13.1 * pdsh-debugsource-2.34-150200.4.13.1 * pdsh-2.34-150200.4.13.1 * pdsh-machines-debuginfo-2.34-150200.4.13.1 * pdsh-machines-2.34-150200.4.13.1 * pdsh-slurm-2.34-150200.4.13.1 * pdsh-netgroup-2.34-150200.4.13.1 * pdsh-slurm_20_11-2.34-150200.4.13.1 * pdsh-dshgroup-2.34-150200.4.13.1 * pdsh-debuginfo-2.34-150200.4.13.1 * pdsh-netgroup-debuginfo-2.34-150200.4.13.1 * pdsh-dshgroup-debuginfo-2.34-150200.4.13.1 * pdsh-slurm-debuginfo-2.34-150200.4.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * pdsh-genders-2.34-150200.4.13.1 * pdsh-slurm_23_02-2.34-150200.4.13.1 * pdsh-genders-debuginfo-2.34-150200.4.13.1 * pdsh-debugsource-2.34-150200.4.13.1 * pdsh-2.34-150200.4.13.1 * pdsh-machines-debuginfo-2.34-150200.4.13.1 * pdsh-machines-2.34-150200.4.13.1 * pdsh-slurm-2.34-150200.4.13.1 * pdsh-slurm_22_05-debuginfo-2.34-150200.4.13.1 * pdsh-netgroup-2.34-150200.4.13.1 * pdsh-slurm_20_11-2.34-150200.4.13.1 * pdsh-slurm_22_05-2.34-150200.4.13.1 * pdsh-slurm_23_02-debuginfo-2.34-150200.4.13.1 * pdsh-dshgroup-2.34-150200.4.13.1 * pdsh-debuginfo-2.34-150200.4.13.1 * pdsh-netgroup-debuginfo-2.34-150200.4.13.1 * pdsh-dshgroup-debuginfo-2.34-150200.4.13.1 * pdsh_slurm_22_05-debugsource-2.34-150200.4.13.1 * pdsh-slurm-debuginfo-2.34-150200.4.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_11-debuginfo-2.34-150200.4.13.1 * pdsh_slurm_20_11-debugsource-2.34-150200.4.13.1 * 
pdsh-slurm_20_11-2.34-150200.4.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_11-debuginfo-2.34-150200.4.13.1 * pdsh_slurm_20_11-debugsource-2.34-150200.4.13.1 * pdsh-slurm_20_11-2.34-150200.4.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215500 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 9 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4014-1: important: This is recommended update for slurm and pdsh_slurm Message-ID: <169685460462.8907.3061917732712801100@smelt2.prg2.suse.org> # This is recommended update for slurm and pdsh_slurm Announcement ID: SUSE-RU-2023:4014-1 Rating: important References: * #1215500 Affected Products: * HPC Module 15-SP1 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that has one fix can now be installed. ## Description: This is only delivering packages into missing channels, No codestream changes: * This update delivers the 'slurm' and 'pdsh_slurm_20_11' to missing channels (bcn#1215500) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4014=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4014=1 * HPC Module 15-SP1 zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2023-4014=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4014=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_02-2.34-150100.10.21.2 * pdsh_slurm_20_02-debugsource-2.34-150100.10.21.2 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.21.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_02-2.34-150100.10.21.2 * pdsh_slurm_20_02-debugsource-2.34-150100.10.21.2 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.21.2 * HPC Module 15-SP1 (aarch64 x86_64) * pdsh-debuginfo-2.34-150100.10.21.2 * pdsh-2.34-150100.10.21.2 * pdsh-debugsource-2.34-150100.10.21.2 * pdsh-slurm_20_11-2.34-150100.10.21.2 * pdsh-genders-debuginfo-2.34-150100.10.21.2 * pdsh-dshgroup-2.34-150100.10.21.2 * pdsh-machines-2.34-150100.10.21.2 * pdsh-netgroup-2.34-150100.10.21.2 * pdsh-dshgroup-debuginfo-2.34-150100.10.21.2 * pdsh-netgroup-debuginfo-2.34-150100.10.21.2 * pdsh-slurm_20_02-2.34-150100.10.21.2 * pdsh-genders-2.34-150100.10.21.2 * pdsh-slurm-2.34-150100.10.21.2 * pdsh-machines-debuginfo-2.34-150100.10.21.2 * pdsh-slurm-debuginfo-2.34-150100.10.21.2 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.21.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * pdsh_slurm_22_05-debugsource-2.34-150100.10.21.2 * pdsh-debugsource-2.34-150100.10.21.2 * pdsh-slurm_20_11-2.34-150100.10.21.2 * pdsh-genders-debuginfo-2.34-150100.10.21.2 * pdsh-slurm_22_05-debuginfo-2.34-150100.10.21.2 * pdsh_slurm_20_02-debugsource-2.34-150100.10.21.2 * slurm_20_11-config-man-20.11.9-150100.3.16.2 * slurm_20_11-slurmdbd-20.11.9-150100.3.16.2 * slurm_20_11-pam_slurm-20.11.9-150100.3.16.2 * 
pdsh-netgroup-2.34-150100.10.21.2 * pdsh-dshgroup-debuginfo-2.34-150100.10.21.2 * slurm_20_11-webdoc-20.11.9-150100.3.16.2 * pdsh-slurm_20_02-2.34-150100.10.21.2 * slurm_20_11-node-20.11.9-150100.3.16.2 * perl-slurm_20_11-20.11.9-150100.3.16.2 * pdsh-machines-debuginfo-2.34-150100.10.21.2 * slurm_20_11-doc-20.11.9-150100.3.16.2 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.21.2 * slurm_20_11-plugins-20.11.9-150100.3.16.2 * libnss_slurm2_20_11-20.11.9-150100.3.16.2 * pdsh-slurm_23_02-debuginfo-2.34-150100.10.21.2 * pdsh-2.34-150100.10.21.2 * slurm_20_11-lua-20.11.9-150100.3.16.2 * slurm_20_11-auth-none-20.11.9-150100.3.16.2 * pdsh-machines-2.34-150100.10.21.2 * pdsh-slurm_22_05-2.34-150100.10.21.2 * slurm_20_11-devel-20.11.9-150100.3.16.2 * slurm_20_11-torque-20.11.9-150100.3.16.2 * libpmi0_20_11-20.11.9-150100.3.16.2 * pdsh-genders-2.34-150100.10.21.2 * pdsh-slurm-debuginfo-2.34-150100.10.21.2 * pdsh-slurm_23_02-2.34-150100.10.21.2 * pdsh-debuginfo-2.34-150100.10.21.2 * slurm_20_11-config-20.11.9-150100.3.16.2 * slurm_20_11-sql-20.11.9-150100.3.16.2 * pdsh-dshgroup-2.34-150100.10.21.2 * slurm_20_11-munge-20.11.9-150100.3.16.2 * pdsh-netgroup-debuginfo-2.34-150100.10.21.2 * slurm_20_11-sview-20.11.9-150100.3.16.2 * slurm_20_11-20.11.9-150100.3.16.2 * pdsh-slurm-2.34-150100.10.21.2 * libslurm36-20.11.9-150100.3.16.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215500 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 9 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 12:30:06 -0000 Subject: SUSE-RU-2023:4013-1: moderate: Recommended update for system-role-sap-business-one Message-ID: <169685460621.8907.5427333183299778466@smelt2.prg2.suse.org> # Recommended update for system-role-sap-business-one Announcement ID: SUSE-RU-2023:4013-1 Rating: moderate References: * #1212652 Affected Products: * openSUSE Leap 15.5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for system-role-sap-business-one fixes the following issues: * Fixed an issue when SAP BusinessOne Installer does not do partitioning properly. (bsc#1212652) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4013=1 SUSE-2023-4013=1 * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-4013=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * system-role-sap-business-one-15.5.1-150500.3.3.1 * SAP Business One Module 15-SP5 (x86_64) * system-role-sap-business-one-15.5.1-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212652 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 9 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 12:30:08 -0000 Subject: SUSE-RU-2023:4010-1: moderate: Recommended update for mlocate Message-ID: <169685460806.8907.448107836250623684@smelt2.prg2.suse.org> # Recommended update for mlocate Announcement ID: SUSE-RU-2023:4010-1 Rating: moderate References: * #1207884 * #1209409 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for mlocate fixes the following issues: * Set umask 0022 before running /usr/bin/updatedb to avoid permission denied error (bsc#1209409) * Remove ProtectKernelModules from systemd unit to make it visible for locate (bsc#1207884) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4010=1 openSUSE-SLE-15.4-2023-4010=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4010=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4010=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4010=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * mlocate-debugsource-0.26-150400.16.6.1 * mlocate-0.26-150400.16.6.1 * mlocate-debuginfo-0.26-150400.16.6.1 * openSUSE Leap 15.4 (noarch) * mlocate-lang-0.26-150400.16.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mlocate-debugsource-0.26-150400.16.6.1 * mlocate-0.26-150400.16.6.1 * mlocate-debuginfo-0.26-150400.16.6.1 * openSUSE Leap 15.5 (noarch) * mlocate-lang-0.26-150400.16.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mlocate-debugsource-0.26-150400.16.6.1 * mlocate-0.26-150400.16.6.1 * mlocate-debuginfo-0.26-150400.16.6.1 * Basesystem Module 15-SP4 (noarch) * mlocate-lang-0.26-150400.16.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mlocate-debugsource-0.26-150400.16.6.1 * mlocate-0.26-150400.16.6.1 * mlocate-debuginfo-0.26-150400.16.6.1 * Basesystem Module 15-SP5 (noarch) * mlocate-lang-0.26-150400.16.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207884 * https://bugzilla.suse.com/show_bug.cgi?id=1209409 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 9 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4009-1: important: Security update for python-gevent Message-ID: <169685460962.8907.11807519227689178345@smelt2.prg2.suse.org> # Security update for python-gevent Announcement ID: SUSE-SU-2023:4009-1 Rating: important References: * #1215469 Cross-References: * CVE-2023-41419 CVSS scores: * CVE-2023-41419 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-41419 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-gevent fixes the following issues: * CVE-2023-41419: Fixed an HTTP request smuggling issue (bsc#1215469). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4009=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4009=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4009=1 ## Package List: * SUSE OpenStack Cloud 8 (x86_64) * python-gevent-1.1.2-3.3.1 * python-gevent-debugsource-1.1.2-3.3.1 * python-gevent-debuginfo-1.1.2-3.3.1 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * python-gevent-1.1.2-3.3.1 * python-gevent-debugsource-1.1.2-3.3.1 * python-gevent-debuginfo-1.1.2-3.3.1 * HPE Helion OpenStack 8 (x86_64) * python-gevent-1.1.2-3.3.1 * python-gevent-debugsource-1.1.2-3.3.1 * python-gevent-debuginfo-1.1.2-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41419.html * https://bugzilla.suse.com/show_bug.cgi?id=1215469 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 9 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 20:30:03 -0000 Subject: SUSE-SU-2023:4018-1: important: Security update for go1.20 Message-ID: <169688340334.7786.10140805384227607099@smelt2.prg2.suse.org> # Security update for go1.20 Announcement ID: SUSE-SU-2023:4018-1 Rating: important References: * #1206346 * #1215985 Cross-References: * CVE-2023-39323 CVSS scores: * CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for go1.20 fixes the following issues: * Updated to version 1.20.9 (bsc#1206346): * CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4018=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4018=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4018=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4018=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.9-150000.1.26.1 * go1.20-race-1.20.9-150000.1.26.1 * go1.20-1.20.9-150000.1.26.1 * go1.20-debuginfo-1.20.9-150000.1.26.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.9-150000.1.26.1 * go1.20-race-1.20.9-150000.1.26.1 * go1.20-1.20.9-150000.1.26.1 * go1.20-debuginfo-1.20.9-150000.1.26.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.9-150000.1.26.1 * go1.20-1.20.9-150000.1.26.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.9-150000.1.26.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.9-150000.1.26.1 * go1.20-race-1.20.9-150000.1.26.1 * go1.20-1.20.9-150000.1.26.1 * go1.20-debuginfo-1.20.9-150000.1.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39323.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1215985 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 9 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 20:30:05 -0000 Subject: SUSE-SU-2023:4017-1: important: Security update for go1.21 Message-ID: <169688340565.7786.3736645614965387250@smelt2.prg2.suse.org> # Security update for go1.21 Announcement ID: SUSE-SU-2023:4017-1 Rating: important References: * #1212475 * #1215985 Cross-References: * CVE-2023-39323 CVSS scores: * CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for go1.21 fixes the following issues: * Updated to version 1.21.2 (bsc#1212475): * CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4017=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4017=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4017=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4017=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.2-150000.1.9.1 * go1.21-doc-1.21.2-150000.1.9.1 * go1.21-1.21.2-150000.1.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.2-150000.1.9.1 * go1.21-doc-1.21.2-150000.1.9.1 * go1.21-1.21.2-150000.1.9.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.2-150000.1.9.1 * go1.21-1.21.2-150000.1.9.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.2-150000.1.9.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-race-1.21.2-150000.1.9.1 * go1.21-doc-1.21.2-150000.1.9.1 * go1.21-1.21.2-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39323.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1215985 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 9 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 09 Oct 2023 20:30:08 -0000 Subject: SUSE-SU-2023:4016-1: critical: Security update for MozillaThunderbird Message-ID: <169688340816.7786.3108887591625164561@smelt2.prg2.suse.org> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:4016-1 Rating: critical References: * #1210168 * #1215309 * #1215575 * #1215814 Cross-References: * CVE-2023-5168 * CVE-2023-5169 * CVE-2023-5171 * CVE-2023-5174 * CVE-2023-5176 * CVE-2023-5217 CVSS scores: * CVE-2023-5168 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5169 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5171 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5174 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5176 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 
15-SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Security fixes: * CVE-2023-5217: Fixed a heap buffer overflow in libvpx. (bsc#1215814) * CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1. (bsc#1215575) * CVE-2023-5169: Out-of-bounds write in PathOps. (bsc#1215575) * CVE-2023-5171: Use-after-free in Ion Compiler. (bsc#1215575) * CVE-2023-5174: Double-free in process spawning on Windows. (bsc#1215575) * CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. (bsc#1215575) Other fixes: * Mozilla Thunderbird 115.3.1 * fixed: In Unified Folders view, some folders had incorrect unified folder parent (bmo#1852525) * fixed: "Edit message as new" did not restore encrypted subject from selected message (bmo#1788534) * fixed: Importing some CalDAV calendars with yearly recurrence events caused Thunderbird to freeze (bmo#1850732) * fixed: Security fixes MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx * Mozilla Thunderbird 115.3 * fixed: Thunderbird could not import profiles with hostname ending in dot (".") (bmo#1825374) * fixed: Message header was occasionally missing in message preview (bmo#1840943) * fixed: Setting an existing folder's type flag did not add descendant folders to the Unified Folders view (bmo#1848904) * fixed: Thunderbird did not always delete all temporary mail files, sometimes preventing messages from being sent (bmo#673703) * fixed: Status bar in Message Compose window could not be hidden (bmo#1806860) * fixed: Message header was intermittently missing from message preview (bmo#1840943) * fixed: OAuth2 did not work on some profiles created in Thunderbird 102.6.1 or earlier (bmo#1814823) * fixed: In Vertical View, decrypted subject lines were displayed as ellipsis ("...") in message list (bmo#1831764) * fixed: Condensed address preference 
(mail.showCondensedAddresses) did not show condensed addresses in message list (bmo#1831280) * fixed: Spam folder could not be assigned non-ASCII names with IMAP UTF-8 enabled (bmo#1816332) * fixed: Message header was not displayed until images finished loading, causing noticeable delay for messages containing large images (bmo#1851871) * fixed: Large SVG favicons did not display on RSS feeds (bmo#1853895) * fixed: Context menu items did not display a hover background color (bmo#1852732) * fixed: Security fixes MFSA 2023-43 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 * Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build with newer binutils (bsc#1215309) * Fix i586 build by reducing debug info to -g1. 
(bsc#1210168) * Mozilla Thunderbird 115.2.3 * changed: Card view and vertical layout are now default for new profiles (bmo#1849000) * fixed: Go - Folder menu was disabled (bmo#1849919) * fixed: "Tools" menu was blank when opened from compose window on macOS (bmo#1848155) * fixed: Deleting an attachment from a message on an IMAP server corrupted the local copy when configured with "mark as deleted" (bmo#1135434) * fixed: Manually entered passwords were not remembered for OAuth-authenticated accounts such as Yahoo mail (bmo#1673446) * fixed: Quick Filter's "Keep filters applied" did not persist after restarting Thunderbird (bmo#1846880,bmo#1849221) * fixed: Top-level Quick Filter settings did not persist after restart (bmo#1849249) * fixed: Notifications for new messages with non-ASCII characters in the subject were garbled (bmo#1842384) * fixed: "Mark Thread As Read" did not work when some messages in thread were already read (bmo#1850850) * fixed: New Groups tab in NNTP subscribe dialog did not work as expected (bmo#1848366) * fixed: Negative values were allowed in "Share for files larger than" field (bmo#1850281) * fixed: Thunderbird sometimes crashed when deleting a parent folder with subfolders (bmo#1851293) * fixed: "Send Message Error" appeared intermittently while Thunderbird was idle (bmo#1801668) * fixed: Focused but not selected messages were missing visual indication of focus in card view (bmo#1844263) * fixed: Notification dot did not disappear from taskbar icon on Windows after messages had already been read (bmo#1824889) * fixed: Multiple selected messages could not be opened simultaneously if selection included more than 19 messages (bmo#1851563) * fixed: Email replies received via BCC incorrectly populated From field with default identity (bmo#1851512) * fixed: User was not always notified of message send failures in outbox (bmo#1851542) * fixed: Tag dialog did not close properly after editing tag (bmo#1852414) * fixed: Newsgroup field in compose 
window did not autocomplete with suggested newsgroup names (bmo#1670457) * fixed: Canceling newsgroup messages did not check if sender matched user's own identity (bmo#1823274) * fixed: Event dialog with several invitees expanded beyond screen height (bmo#1848261) * fixed: Message check boxes were partially obstructed in message list (bmo#1850760) * unresolved: Some folders missing from Unified Folders () ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4016=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4016=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4016=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4016=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4016=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4016=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * 
MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-other-115.3.1-150200.8.133.1 * MozillaThunderbird-translations-common-115.3.1-150200.8.133.1 * MozillaThunderbird-debugsource-115.3.1-150200.8.133.1 * MozillaThunderbird-115.3.1-150200.8.133.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5168.html * https://www.suse.com/security/cve/CVE-2023-5169.html * https://www.suse.com/security/cve/CVE-2023-5171.html * https://www.suse.com/security/cve/CVE-2023-5174.html * https://www.suse.com/security/cve/CVE-2023-5176.html * https://www.suse.com/security/cve/CVE-2023-5217.html * https://bugzilla.suse.com/show_bug.cgi?id=1210168 * https://bugzilla.suse.com/show_bug.cgi?id=1215309 * https://bugzilla.suse.com/show_bug.cgi?id=1215575 * https://bugzilla.suse.com/show_bug.cgi?id=1215814 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Tue Oct 10 07:03:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:03:49 +0200 (CEST) Subject: SUSE-CU-2023:3321-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231010070349.61AB9FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3321-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.227 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.227 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-27.14.104 updated From sle-updates at lists.suse.com Tue Oct 10 07:05:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:05:27 +0200 (CEST) Subject: SUSE-CU-2023:3323-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231010070527.A7073FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3323-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.125 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.125 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-27.14.104 updated From sle-updates at lists.suse.com Tue Oct 10 07:05:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:05:42 +0200 (CEST) Subject: SUSE-CU-2023:3324-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231010070542.A2DA4FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3324-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.68 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.68 Severity : moderate Type : recommended References : 1215596 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4003-1 Released: Mon Oct 9 08:29:33 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1215596 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) The following package changes have been done: - libapparmor1-3.0.4-150500.11.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:08:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:08:32 +0200 (CEST) Subject: SUSE-CU-2023:3325-1: Security update of suse/sle15 Message-ID: <20231010070832.4D9DCFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3325-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.352 Container Release : 9.5.352 
Severity : important Type : security References : 1213854 1214292 1214395 1215007 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - zypper-1.14.64-150200.62.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:10:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:10:30 +0200 (CEST) Subject: SUSE-CU-2023:3326-1: Security update of suse/sle15 Message-ID: <20231010071030.F18BFFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3326-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.192 , suse/sle15:15.3 , suse/sle15:15.3.17.20.192 Container Release : 17.20.192 Severity : important Type : security References : 1213854 1214292 1214395 1215007 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - zypper-1.14.64-150200.62.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:11:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:11:46 +0200 (CEST) Subject: SUSE-CU-2023:3327-1: Security update of bci/bci-init Message-ID: <20231010071146.14DFAFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3327-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.66 Container Release : 29.66 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:12:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:12:44 +0200 (CEST) Subject: SUSE-CU-2023:3328-1: Security update of suse/sle15 Message-ID: <20231010071244.5E3FBFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3328-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.104 , suse/sle15:15.4 , suse/sle15:15.4.27.14.104 Container Release : 27.14.104 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:13:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:13:06 +0200 (CEST) Subject: SUSE-CU-2023:3329-1: Security update of bci/bci-init Message-ID: <20231010071306.A764CFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3329-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.7 , bci/bci-init:latest Container Release : 10.7 Severity : important Type : security References : 1215596 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4003-1 Released: Mon Oct 9 08:29:33 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1215596 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Tue Oct 10 07:13:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:13:31 +0200 (CEST) Subject: SUSE-CU-2023:3330-1: Security update of bci/openjdk-devel Message-ID: <20231010071331.8C0E5FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3330-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.15 Container Release : 10.15 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - container:bci-openjdk-11-15.5.11-11.7 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 07:13:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:13:53 +0200 (CEST) Subject: SUSE-CU-2023:3331-1: Security update of suse/pcp Message-ID: <20231010071353.EAA6EFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3331-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.15 , suse/pcp:5.2 , suse/pcp:5.2-15.15 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.15 , suse/pcp:latest Container Release : 15.15 Severity : important Type : security References : 1215596 1215713 CVE-2023-35945 
----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4003-1 Released: Mon Oct 9 08:29:33 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1215596 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - container:bci-bci-init-15.5-15.5-10.7 updated From sle-updates at lists.suse.com Tue Oct 10 07:14:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:14:12 +0200 (CEST) Subject: SUSE-CU-2023:3332-1: Security update of bci/php-fpm Message-ID: <20231010071412.185A3FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3332-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.7 Container Release : 8.7 Severity : important Type : security References : 1215596 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4003-1 Released: Mon Oct 9 08:29:33 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1215596 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Tue Oct 10 07:14:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:14:29 +0200 (CEST) Subject: SUSE-CU-2023:3333-1: Security update of suse/postgres Message-ID: <20231010071429.636E4FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3333-1 Container Tags : suse/postgres:15 , suse/postgres:15-11.7 , suse/postgres:15.4 , suse/postgres:15.4-11.7 , suse/postgres:latest Container Release : 11.7 Severity : important Type : security References : 1215596 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4003-1 Released: Mon Oct 9 08:29:33 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1215596 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Tue Oct 10 07:14:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:14:33 +0200 (CEST) Subject: SUSE-CU-2023:3334-1: Security update of suse/rmt-server Message-ID: <20231010071433.EA9D9FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3334-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.6 , suse/rmt-server:latest Container Release : 11.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:14:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:14:52 +0200 (CEST) Subject: SUSE-CU-2023:3335-1: Security update of bci/ruby Message-ID: <20231010071452.68EDCFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3335-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.6 , bci/ruby:2.5 , bci/ruby:2.5-12.6 , bci/ruby:latest Container Release : 12.6 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 07:15:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:15:12 +0200 (CEST) Subject: SUSE-CU-2023:3336-1: Security update of bci/rust Message-ID: <20231010071512.EE573FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3336-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-2.4.6 , bci/rust:oldstable , bci/rust:oldstable-2.4.6 Container Release : 4.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:15:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:15:29 +0200 (CEST) Subject: SUSE-CU-2023:3337-1: Security update of suse/sle15 Message-ID: <20231010071529.09BFCFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3337-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.40 , suse/sle15:15.5 , suse/sle15:15.5.36.5.40 Container Release : 36.5.40 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 07:16:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:16:20 +0200 (CEST) Subject: SUSE-CU-2023:3338-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231010071620.DA293FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3338-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.469 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.469 Severity : important Type : security References : 1213854 1214292 1214395 1215007 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - zypper-1.14.64-150200.62.1 updated - container:sles15-image-15.0.0-17.20.192 updated From sle-updates at lists.suse.com Tue Oct 10 07:18:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 09:18:53 +0200 (CEST) Subject: SUSE-CU-2023:3340-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231010071853.B5077FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3340-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.291 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.291 Severity : important Type : security References : 1213854 1214292 1214395 1215007 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - zypper-1.14.64-150200.62.1 updated - container:sles15-image-15.0.0-17.20.192 updated From sle-updates at lists.suse.com Tue Oct 10 08:08:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 10:08:08 +0200 (CEST) Subject: SUSE-CU-2023:3341-1: Security update of bci/nodejs Message-ID: <20231010080808.F40D6FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3341-1 Container Tags : bci/node:18 , bci/node:18-11.7 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.7 , bci/nodejs:latest Container Release : 11.7 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - container:sles15-image-15.0.0-36.5.40 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 08:34:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 08:34:33 -0000 Subject: SUSE-RU-2023:4020-1: moderate: Recommended update for bpftool Message-ID: <169692687364.32462.4060847172563578014@smelt2.prg2.suse.org> # Recommended update for bpftool Announcement ID: SUSE-RU-2023:4020-1 Rating: moderate References: * PED-3774 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 
for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for bpftool fixes the following issues: Ship bpftool to the SUSE Linux Enterprise 15 SP5 Basesystem module. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4020=1 openSUSE-SLE-15.5-2023-4020=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4020=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * bpftool-5.14.21-150500.12.3.1 * bpftool-debuginfo-5.14.21-150500.12.3.1 * bpftool-debugsource-5.14.21-150500.12.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bpftool-5.14.21-150500.12.3.1 * bpftool-debuginfo-5.14.21-150500.12.3.1 * bpftool-debugsource-5.14.21-150500.12.3.1 ## References: * https://jira.suse.com/browse/PED-3774 From sle-updates at lists.suse.com Tue Oct 10 12:18:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:18:29 +0200 (CEST) Subject: SUSE-CU-2023:3342-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231010121829.F417CFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3342-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.69 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.69 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Tue Oct 10 12:21:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:21:00 +0200 (CEST) Subject: SUSE-CU-2023:3343-1: Security update of suse/pcp Message-ID: <20231010122100.A958FFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3343-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.140 , suse/pcp:5.2 , suse/pcp:5.2-17.140 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.140 Container Release : 17.140 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:bci-bci-init-15.4-15.4-29.66 updated From sle-updates at lists.suse.com Tue Oct 10 12:21:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:21:23 +0200 (CEST) Subject: SUSE-CU-2023:3344-1: Security update of suse/postgres Message-ID: <20231010122123.7B000FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3344-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.72 , suse/postgres:14.9 , suse/postgres:14.9-22.72 Container Release : 22.72 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 12:21:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:21:43 +0200 (CEST) Subject: SUSE-CU-2023:3345-1: Security update of suse/389-ds Message-ID: <20231010122143.D0F9CFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3345-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.7 , suse/389-ds:latest Container Release : 16.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated From sle-updates at lists.suse.com Tue Oct 10 12:21:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:21:48 +0200 (CEST) Subject: SUSE-CU-2023:3346-1: Security update of suse/git Message-ID: <20231010122148.72C46FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3346-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.2 , suse/git:latest Container Release : 4.2 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - git-core-2.35.3-150300.10.30.1 updated - libnghttp2-14-1.40.0-150200.9.1 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:22:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:22:05 +0200 (CEST) Subject: SUSE-CU-2023:3347-1: Security update of bci/golang Message-ID: <20231010122205.EAB48FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3347-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.8 , bci/golang:oldstable , bci/golang:oldstable-2.4.8 Container Release : 4.8 Severity : important Type : security References : 1206346 1215533 1215713 1215985 CVE-2023-35945 CVE-2023-39323 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4018-1 Released: Mon Oct 9 19:23:57 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1215985,CVE-2023-39323 This update for go1.20 fixes the following issues: - Updated to version 1.20.9 (bsc#1206346): - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - go1.20-doc-1.20.9-150000.1.26.1 updated - git-core-2.35.3-150300.10.30.1 updated - go1.20-1.20.9-150000.1.26.1 updated - go1.20-race-1.20.9-150000.1.26.1 updated - container:sles15-image-15.0.0-36.5.40 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:22:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:22:12 +0200 (CEST) Subject: SUSE-CU-2023:3348-1: Security update of bci/golang Message-ID: <20231010122212.93B04FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3348-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.6 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.6 Container Release : 7.6 Severity : important Type : security References : 1211078 1215533 1215713 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. 
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - git-core-2.35.3-150300.10.30.1 updated - container:sles15-image-15.0.0-36.5.39 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:22:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:22:35 +0200 (CEST) Subject: SUSE-CU-2023:3349-1: Security update of bci/golang Message-ID: <20231010122235.52C01FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3349-1 Container Tags : 
bci/golang:1.21 , bci/golang:1.21-1.4.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.7 Container Release : 4.7 Severity : important Type : security References : 1212475 1215533 1215713 1215985 CVE-2023-35945 CVE-2023-39323 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4017-1 Released: Mon Oct 9 19:23:23 2023 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1215985,CVE-2023-39323 This update for go1.21 fixes the following issues: - Updated to version 1.21.2 (bsc#1212475): - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - go1.21-doc-1.21.2-150000.1.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - go1.21-1.21.2-150000.1.9.1 updated - go1.21-race-1.21.2-150000.1.9.1 updated - container:sles15-image-15.0.0-36.5.40 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:22:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:22:41 +0200 (CEST) Subject: SUSE-CU-2023:3350-1: Security update of bci/golang Message-ID: <20231010122241.58CBBFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3350-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.6 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.6 Container Release : 7.6 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:22:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:22:51 +0200 (CEST) Subject: SUSE-CU-2023:3351-1: Security update of suse/nginx Message-ID: <20231010122251.865F5FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3351-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.7 , suse/nginx:latest Container Release : 5.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container suse/nginx was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 12:23:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:23:11 +0200 (CEST) Subject: SUSE-CU-2023:3352-1: Security update of bci/openjdk Message-ID: <20231010122311.83D49FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3352-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.7 Container Release : 11.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 12:23:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:23:35 +0200 (CEST) Subject: SUSE-CU-2023:3353-1: Security update of bci/openjdk-devel Message-ID: <20231010122335.626B9FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3353-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.14 , bci/openjdk-devel:latest Container Release : 12.14 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - container:bci-openjdk-17-15.5.17-12.7 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:23:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:23:57 +0200 (CEST) Subject: SUSE-CU-2023:3354-1: Security update of bci/openjdk Message-ID: <20231010122357.470AAFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3354-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.7 , bci/openjdk:latest Container Release : 12.7 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 12:24:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:24:16 +0200 (CEST) Subject: SUSE-CU-2023:3355-1: Security update of bci/php-apache Message-ID: <20231010122416.EDB65FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3355-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.6 Container Release : 8.6 Severity : important Type : security References : 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated From sle-updates at lists.suse.com Tue Oct 10 12:24:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:24:38 +0200 (CEST) Subject: SUSE-CU-2023:3356-1: Security update of bci/python Message-ID: <20231010122438.C459BFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3356-1 Container Tags : bci/python:3 , bci/python:3-12.2 , bci/python:3.11 , bci/python:3.11-12.2 , bci/python:latest Container Release : 12.2 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:25:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:25:01 +0200 (CEST) Subject: SUSE-CU-2023:3357-1: Security update of bci/python Message-ID: <20231010122501.94711FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3357-1 Container Tags : bci/python:3 , bci/python:3-14.2 , bci/python:3.6 , bci/python:3.6-14.2 Container Release : 14.2 Severity : important Type : security References : 1215533 1215713 CVE-2023-35945 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). 
The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - git-core-2.35.3-150300.10.30.1 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libudev1-249.16-150400.8.33.1 removed - openssh-clients-8.4p1-150300.3.22.1 removed - openssh-common-8.4p1-150300.3.22.1 removed - openssh-fips-8.4p1-150300.3.22.1 removed From sle-updates at lists.suse.com Tue Oct 10 12:25:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 14:25:22 +0200 (CEST) Subject: SUSE-CU-2023:3358-1: Security update of bci/rust Message-ID: <20231010122522.8F44BFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3358-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-1.4.7 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.7 Container Release : 4.7 Severity : important Type : security References : 1215713 1215834 CVE-2023-35945 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3993-1 Released: Fri Oct 6 12:04:30 2023 Summary: Recommended update for rust1.72 Type: recommended Severity: moderate References: 1215834 This update for rust1.72 fixes the following issues: - use gcc12 instead of gcc11 (bsc#1215834) Version 1.72.1 (2023-09-19) =========================== - Adjust codegen change to improve LLVM codegen - rustdoc: Fix self ty params in objects with lifetimes - Fix regression in compile times - Resolve some ICE regressions in the compiler. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - libasan8-12.3.0+git1204-150000.1.16.1 added - libtsan2-12.3.0+git1204-150000.1.16.1 added - cpp12-12.3.0+git1204-150000.1.16.1 added - gcc12-12.3.0+git1204-150000.1.16.1 added - rust1.72-1.72.1-150400.9.6.1 updated - cargo1.72-1.72.1-150400.9.6.1 updated - cpp11-11.3.0+git1637-150000.1.11.2 removed - gcc11-11.3.0+git1637-150000.1.11.2 removed - libasan6-11.3.0+git1637-150000.1.11.2 removed - libtsan0-11.3.0+git1637-150000.1.11.2 removed From sle-updates at lists.suse.com Tue Oct 10 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4025-1: low: Security update for shadow Message-ID: <169694100279.544.16121602611349867711@smelt2.prg2.suse.org> # Security update for shadow Announcement ID: SUSE-SU-2023:4025-1 Rating: low References: * #1214806 Cross-References: * CVE-2023-4641 CVSS scores: * CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak (bsc#1214806). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4025=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4025=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4025=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4025=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-4025=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4025=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4025=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE CaaS Platform 4.0 (x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.11.1 * shadow-debuginfo-4.6-150100.3.11.1 * shadow-4.6-150100.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4641.html * https://bugzilla.suse.com/show_bug.cgi?id=1214806
From sle-updates at lists.suse.com Tue Oct 10 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4024-1: low: Security update for shadow Message-ID: <169694100556.544.13537546098504810006@smelt2.prg2.suse.org> # Security update for shadow Announcement ID: SUSE-SU-2023:4024-1 Rating: low References: * #1214806 Cross-References: * CVE-2023-4641 CVSS scores: * CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak (bsc#1214806). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4024=1 SUSE-2023-4024=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4024=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4024=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4024=1 ## Package List: * openSUSE Leap 15.4 (noarch) * login_defs-4.8.1-150400.10.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * shadow-debugsource-4.8.1-150400.10.12.1 * shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 * openSUSE Leap 15.5 (noarch) * login_defs-4.8.1-150400.10.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.8.1-150400.10.12.1 * shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * login_defs-4.8.1-150400.10.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.10.12.1 * shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * login_defs-4.8.1-150400.10.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.10.12.1 * shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 * Basesystem Module 15-SP4 (noarch) * login_defs-4.8.1-150400.10.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.8.1-150400.10.12.1 * shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 * Basesystem Module 15-SP5 (noarch) * login_defs-4.8.1-150400.10.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.8.1-150400.10.12.1 * 
shadow-4.8.1-150400.10.12.1 * shadow-debuginfo-4.8.1-150400.10.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4641.html * https://bugzilla.suse.com/show_bug.cgi?id=1214806 From sle-updates at lists.suse.com Tue Oct 10 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 12:30:07 -0000 Subject: SUSE-SU-2023:4023-1: low: Security update for shadow Message-ID: <169694100768.544.2442550069624939742@smelt2.prg2.suse.org> # Security update for shadow Announcement ID: SUSE-SU-2023:4023-1 Rating: low References: * #1214806 Cross-References: * CVE-2023-4641 CVSS scores: * CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak (bsc#1214806). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4023=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4023=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4023=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * shadow-4.2.1-36.6.1 * shadow-debuginfo-4.2.1-36.6.1 * shadow-debugsource-4.2.1-36.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * shadow-4.2.1-36.6.1 * shadow-debuginfo-4.2.1-36.6.1 * shadow-debugsource-4.2.1-36.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * shadow-4.2.1-36.6.1 * shadow-debuginfo-4.2.1-36.6.1 * shadow-debugsource-4.2.1-36.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4641.html * https://bugzilla.suse.com/show_bug.cgi?id=1214806 From sle-updates at lists.suse.com Tue Oct 10 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 12:30:10 -0000 Subject: SUSE-SU-2023:4022-1: important: Security update for conmon Message-ID: <169694101040.544.14259558307876573908@smelt2.prg2.suse.org> # Security update for conmon Announcement ID: SUSE-SU-2023:4022-1 Rating: important References: * #1215806 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one security fix can now be installed. 
## Description: This update for conmon fixes the following issues: conmon is rebuilt with go1.21 to capture current stability, bug and security fixes. (bsc#1215806) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4022=1 openSUSE-SLE-15.5-2023-4022=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4022=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4022=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * conmon-2.1.7-150500.9.6.1 * conmon-debuginfo-2.1.7-150500.9.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * conmon-2.1.7-150500.9.6.1 * conmon-debuginfo-2.1.7-150500.9.6.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * conmon-2.1.7-150500.9.6.1 * conmon-debuginfo-2.1.7-150500.9.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215806
From sle-updates at lists.suse.com Tue Oct 10 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4021-1: important: Security update for conmon Message-ID: <169694101241.544.12675948656311022812@smelt2.prg2.suse.org> # Security update for conmon Announcement ID: SUSE-SU-2023:4021-1 Rating: important References: * #1215806 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one security fix can now be installed. ## Description: This update for conmon fixes the following issues: conmon is rebuilt with go1.21. (bsc#1215806) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4021=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4021=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4021=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4021=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4021=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4021=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 * SUSE CaaS Platform 4.0 (x86_64) * conmon-debuginfo-2.1.3-150100.3.12.1 * conmon-2.1.3-150100.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215806
From sle-updates at lists.suse.com Tue Oct 10 16:36:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:28 -0000 Subject: SUSE-SU-2023:4035-1: important: Security update for the Linux Kernel Message-ID: <169695578875.11211.2446830039997164272@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4035-1 Rating: important References: * #1152472 * #1202845 * #1206453 * #1213808 * #1214941 * #1214942 * #1214943 * #1214944 * #1214950 * #1214951 * #1214954 * #1214957 * #1214986 * #1214992 * #1214993 * #1215322 * #1215523 * #1215877 * #1215894 * #1215895 * #1215896 * #1215911 * #1215915 * #1215916 Cross-References: * CVE-2023-1206 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-4155 * CVE-2023-42753 * CVE-2023-42754 * CVE-2023-4389 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4921 * CVE-2023-5345 CVSS scores: * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 
7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 12 vulnerabilities and has 12 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. 
(bsc#1215899) * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) The following non-security bugs were fixed: * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). * arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) * ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). * ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). 
* ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). * ASoC: rt5640: Fix sleep in atomic context (git-fixes). * ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). * drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). * Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). * Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). * Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). * drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private * drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). 
* ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). * gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). 
* iommu/virtio: Return size mapped for a detached domain (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). 
* net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). * nfs/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). * nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). * platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * pNFS: Fix assignment of xprtdata.cred (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). 
* quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). * spi: Add TPM HW flow flag (bsc#1213534) * spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) * spi: tegra210-quad: set half duplex flag (bsc#1213534) * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tpm_tis_spi: Add hardware wait polling (bsc#1213534) * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * Update metadata * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). 
* vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). * x86/coco: Export cc_vendor (bsc#1206453). * x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). * x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). * x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). * x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) * x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). * x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). * x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). * x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). * x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). 
* x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). * x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). * x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). * x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). * x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). * x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). * x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). * x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4035=1 openSUSE-SLE-15.5-2023-4035=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4035=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4035=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-source-rt-5.14.21-150500.13.21.1 * kernel-devel-rt-5.14.21-150500.13.21.1 * openSUSE Leap 15.5 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * reiserfs-kmp-rt-5.14.21-150500.13.21.1 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt_debug-vdso-5.14.21-150500.13.21.1 * kernel-rt_debug-devel-5.14.21-150500.13.21.1 * ocfs2-kmp-rt-5.14.21-150500.13.21.1 * kernel-rt-extra-debuginfo-5.14.21-150500.13.21.1 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1 * gfs2-kmp-rt-5.14.21-150500.13.21.1 * kselftests-kmp-rt-5.14.21-150500.13.21.1 * kernel-rt-devel-5.14.21-150500.13.21.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.21.1 * kernel-syms-rt-5.14.21-150500.13.21.1 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1 * kernel-rt-optional-5.14.21-150500.13.21.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1 * kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 * kernel-rt-livepatch-devel-5.14.21-150500.13.21.1 * kernel-rt-debuginfo-5.14.21-150500.13.21.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * dlm-kmp-rt-5.14.21-150500.13.21.1 * cluster-md-kmp-rt-5.14.21-150500.13.21.1 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-optional-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1 * 
kernel-rt-vdso-5.14.21-150500.13.21.1 * kernel-rt-extra-5.14.21-150500.13.21.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-livepatch-5.14.21-150500.13.21.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-debugsource-5.14.21-150500.13.21.1 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.21.1 * kernel-rt-5.14.21-150500.13.21.1 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.21.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-debugsource-5.14.21-150500.13.21.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1 * SUSE Real Time Module 15-SP5 (x86_64) * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt_debug-vdso-5.14.21-150500.13.21.1 * kernel-rt_debug-devel-5.14.21-150500.13.21.1 * ocfs2-kmp-rt-5.14.21-150500.13.21.1 * gfs2-kmp-rt-5.14.21-150500.13.21.1 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-devel-5.14.21-150500.13.21.1 * kernel-syms-rt-5.14.21-150500.13.21.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-debuginfo-5.14.21-150500.13.21.1 * dlm-kmp-rt-5.14.21-150500.13.21.1 * cluster-md-kmp-rt-5.14.21-150500.13.21.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1 * kernel-rt-vdso-5.14.21-150500.13.21.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.21.1 * kernel-rt-debugsource-5.14.21-150500.13.21.1 * SUSE Real Time Module 15-SP5 (noarch) * 
kernel-source-rt-5.14.21-150500.13.21.1 * kernel-devel-rt-5.14.21-150500.13.21.1 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.21.1 * kernel-rt-5.14.21-150500.13.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1206453 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214941 * https://bugzilla.suse.com/show_bug.cgi?id=1214942 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916 From sle-updates at lists.suse.com Tue Oct 10 16:36:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:38 -0000 Subject: SUSE-SU-2023:4031-1: important: Security update for the Linux Kernel Message-ID: <169695579861.11211.380780706953834268@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4031-1 Rating: important References: * #1065729 * #1109837 * #1152446 * #1154048 * #1207168 * #1208995 * #1210169 * #1212703 * #1213016 * #1214157 * #1214380 * #1214386 * #1214586 * #1214940 * #1214943 * #1214945 * #1214946 * #1214948 * #1214949 * #1214950 * #1214952 * #1214953 * #1214961 * #1214962 * #1214964 * #1214965 * #1214966 * #1214967 * #1215115 * #1215117 * #1215121 * #1215122 * #1215136 * #1215149 * #1215152 * #1215162 * #1215164 * #1215165 * #1215207 * #1215221 * #1215275 * #1215299 * #1215467 * #1215607 * #1215634 * #1215858 * #1215860 * #1215861 * #1215877 * #1215897 * #1215898 * #1215954 * PED-5021 Cross-References: * CVE-2020-36766 * CVE-2023-0394 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 13 vulnerabilities, contains one feature and has 39 security fixes can now be installed. 
## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-0394: Fixed a NULL pointer dereference in the IPv6 stack that could lead to denial of service (bsc#1207168). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes). * Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
* Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * Input: xpad - add constants for GIP interface numbers (git-fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * README: update rebuilding information (jsc#PED-5021). * USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes). * arm64: insn: Fix ldadd instruction encoding (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877) * blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586). * blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1214586). * blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586). * btrfs: output extra debug info on failure (bsc#1215136). * config: do not incorrectly set CONFIG_BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). * direct-io: allow direct writes to empty inodes (bsc#1215164). * drm/ast: Fix DRAM init on AST2200 (bsc#1152446) * drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446). * drm/client: Send hotplug event after registering a client (bsc#1152446). * drm/virtio: Fix GEM handle creation UAF (git-fixes). * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048) * fbdev: imxfb: warn about invalid left/right margin (bsc#1154048) * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048) * fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048). * firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes). * firmware: raspberrypi: Keep count of all consumers (git-fixes). * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). * fs: avoid softlockups in s_inodes iterators (bsc#1215165). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607). * hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * jbd2: simplify journal_clean_one_cp_list() (bsc#1215207). * media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). * media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes). * media: cec: copy sequence field for the reply (git-fixes). * media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes). 
* media: cec: make cec_get_edid_spa_location() an inline function (git-fixes). * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes). * media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). * media: s5p_cec: decrement usage count if disabled (git-fixes). * media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). * mkspec: Allow unsupported KMPs (bsc#1214386) * net/mlx5: Fix size field in bufferx_reg struct (git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes). * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes). * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net: virtio_vsock: Enhance connection semantics (git-fixes). * nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). * powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: fix warning in dqgrab() (bsc#1214962). * remoteproc: Add missing '\n' in log messages (git-fixes). * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes). * s390/dasd: fix hanging device after request requeue (LTC#203632 bsc#1215121). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152). * s390: add z16 elf platform (LTC#203790 bsc#1215954). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
* scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). * usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git-fixes). * vhost/test: stop device before reset (git-fixes). * vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). * vhost: Do not call access_ok() when using IOTLB (git-fixes). * vhost: Fix vhost_vq_reset() (git-fixes). * vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes). * vhost: fix range used in translate_desc() (git-fixes). * vhost: introduce helpers to get the size of metadata area (git-fixes). * vhost: missing __user tags (git-fixes). * vhost: vsock: kick send_pkt worker once device is started (git-fixes). * vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes). * virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). * virtio-gpu: fix possible memory allocation failure (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: fix the race between refill work and close (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes).
* virtio: acknowledge all features before access (git-fixes). * virtio_balloon: prevent pfn array overflow (git-fixes). * virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). * virtio_mmio: Restore guest page size on resume (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: Remove BUG() to avoid machine dead (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci: Support surprise removal of virtio pci device (git-fixes). * virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). * virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes). * vringh: Fix loop descriptors check in the indirect cases (git-fixes). * vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes). * vsock/virtio: enable VQs early on probe (git-fixes). * vsock/virtio: free queued packets when closing socket (git-fixes). * vsock/virtio: update credit only if socket is not closed (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update.
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4031=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4031=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4031=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4031=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4031=1 SUSE-SLE-HA-12-SP5-2023-4031=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4031=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4031=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.179.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.179.1 * kernel-default-kgraft-devel-4.12.14-122.179.1 * kernel-default-debugsource-4.12.14-122.179.1 * kernel-default-kgraft-4.12.14-122.179.1 * kgraft-patch-4_12_14-122_179-default-1-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.179.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-4.12.14-122.179.1 * kernel-obs-build-debugsource-4.12.14-122.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-122.179.1 * kernel-default-base-debuginfo-4.12.14-122.179.1 * kernel-default-devel-4.12.14-122.179.1 *
kernel-default-base-4.12.14-122.179.1 * kernel-default-debugsource-4.12.14-122.179.1 * kernel-syms-4.12.14-122.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-4.12.14-122.179.1 * kernel-macros-4.12.14-122.179.1 * kernel-devel-4.12.14-122.179.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.179.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.179.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.179.1 * kernel-default-base-debuginfo-4.12.14-122.179.1 * kernel-default-devel-4.12.14-122.179.1 * kernel-default-base-4.12.14-122.179.1 * kernel-default-debugsource-4.12.14-122.179.1 * kernel-syms-4.12.14-122.179.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-4.12.14-122.179.1 * kernel-macros-4.12.14-122.179.1 * kernel-devel-4.12.14-122.179.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.179.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.179.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.179.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ocfs2-kmp-default-4.12.14-122.179.1 * kernel-default-debuginfo-4.12.14-122.179.1 * kernel-default-base-debuginfo-4.12.14-122.179.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.179.1 * kernel-default-devel-4.12.14-122.179.1 * gfs2-kmp-default-debuginfo-4.12.14-122.179.1 * cluster-md-kmp-default-4.12.14-122.179.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.179.1 * dlm-kmp-default-4.12.14-122.179.1 * kernel-default-base-4.12.14-122.179.1 * dlm-kmp-default-debuginfo-4.12.14-122.179.1 * kernel-default-debugsource-4.12.14-122.179.1 * kernel-syms-4.12.14-122.179.1 * gfs2-kmp-default-4.12.14-122.179.1 * SUSE Linux Enterprise Server for 
SAP Applications 12 SP5 (noarch) * kernel-source-4.12.14-122.179.1 * kernel-macros-4.12.14-122.179.1 * kernel-devel-4.12.14-122.179.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.179.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.179.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debugsource-4.12.14-122.179.1 * kernel-default-extra-debuginfo-4.12.14-122.179.1 * kernel-default-debuginfo-4.12.14-122.179.1 * kernel-default-extra-4.12.14-122.179.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * ocfs2-kmp-default-4.12.14-122.179.1 * kernel-default-debuginfo-4.12.14-122.179.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.179.1 * gfs2-kmp-default-debuginfo-4.12.14-122.179.1 * dlm-kmp-default-4.12.14-122.179.1 * cluster-md-kmp-default-4.12.14-122.179.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.179.1 * dlm-kmp-default-debuginfo-4.12.14-122.179.1 * kernel-default-debugsource-4.12.14-122.179.1 * gfs2-kmp-default-4.12.14-122.179.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.179.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-0394.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109837 * https://bugzilla.suse.com/show_bug.cgi?id=1152446 * https://bugzilla.suse.com/show_bug.cgi?id=1154048 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1214157 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214586 * https://bugzilla.suse.com/show_bug.cgi?id=1214940 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214945 * https://bugzilla.suse.com/show_bug.cgi?id=1214946 * https://bugzilla.suse.com/show_bug.cgi?id=1214948 * https://bugzilla.suse.com/show_bug.cgi?id=1214949 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214952 * https://bugzilla.suse.com/show_bug.cgi?id=1214953 * https://bugzilla.suse.com/show_bug.cgi?id=1214961 * https://bugzilla.suse.com/show_bug.cgi?id=1214962 * https://bugzilla.suse.com/show_bug.cgi?id=1214964 * https://bugzilla.suse.com/show_bug.cgi?id=1214965 * https://bugzilla.suse.com/show_bug.cgi?id=1214966 * https://bugzilla.suse.com/show_bug.cgi?id=1214967 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215121 * https://bugzilla.suse.com/show_bug.cgi?id=1215122 * https://bugzilla.suse.com/show_bug.cgi?id=1215136 * https://bugzilla.suse.com/show_bug.cgi?id=1215149 * https://bugzilla.suse.com/show_bug.cgi?id=1215152 * https://bugzilla.suse.com/show_bug.cgi?id=1215162 * https://bugzilla.suse.com/show_bug.cgi?id=1215164 * https://bugzilla.suse.com/show_bug.cgi?id=1215165 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215207 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215607 * https://bugzilla.suse.com/show_bug.cgi?id=1215634 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215897 * https://bugzilla.suse.com/show_bug.cgi?id=1215898 * https://bugzilla.suse.com/show_bug.cgi?id=1215954 * https://jira.suse.com/browse/PED-5021 From sle-updates at lists.suse.com Tue Oct 10 16:36:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:42 -0000 Subject: SUSE-SU-2023:4030-1: important: Security update for the Linux Kernel Message-ID: <169695580267.11211.17619040005400224093@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4030-1 Rating: important References: * #1207036 * #1208995 * #1210169 * #1210643 * #1212703 * #1214233 * #1214351 * #1214380 * #1214386 * #1215115 * #1215117 * #1215150 * #1215221 * #1215275 * #1215299 Cross-References: * CVE-2020-36766 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-23454 * CVE-2023-40283 * CVE-2023-42753 * CVE-2023-4389 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 (
NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch 
Server 4.1 * SUSE Manager Server 4.1 An update that solves 13 vulnerabilities and has two security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-2177: Fixed a null pointer dereference issue in the SCTP network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to information disclosure or denial of service (bsc#1215221).
* CVE-2023-40283: Fixed a use-after-free issue in the Bluetooth subsystem (bsc#1214233). * CVE-2023-1192: Fixed a use-after-free in the CIFS subsystem (bsc#1208995). The following non-security bugs were fixed: * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). * mkspec: Allow unsupported KMPs (bsc#1214386) * rpm/mkspec-dtb: support for nested subdirs. * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4030=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-4030=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4030=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4030=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4030=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150200.24.166.1 * kernel-livepatch-SLE15-SP2_Update_41-debugsource-1-150200.5.3.1 * kernel-default-livepatch-devel-5.3.18-150200.24.166.1 * kernel-default-debuginfo-5.3.18-150200.24.166.1 * 
kernel-livepatch-5_3_18-150200_24_166-default-1-150200.5.3.1 * kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-1-150200.5.3.1 * kernel-default-debugsource-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.3.18-150200.24.166.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.166.1 * gfs2-kmp-default-5.3.18-150200.24.166.1 * kernel-default-debuginfo-5.3.18-150200.24.166.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.166.1 * ocfs2-kmp-default-5.3.18-150200.24.166.1 * cluster-md-kmp-default-5.3.18-150200.24.166.1 * dlm-kmp-default-5.3.18-150200.24.166.1 * kernel-default-debugsource-5.3.18-150200.24.166.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.166.1 * kernel-preempt-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150200.24.166.1 * kernel-preempt-debugsource-5.3.18-150200.24.166.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.166.1 * kernel-syms-5.3.18-150200.24.166.1 * kernel-default-devel-5.3.18-150200.24.166.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.166.1 * kernel-default-debuginfo-5.3.18-150200.24.166.1 * kernel-preempt-devel-5.3.18-150200.24.166.1 * kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1 * kernel-obs-build-5.3.18-150200.24.166.1 * kernel-default-debugsource-5.3.18-150200.24.166.1 * kernel-preempt-debuginfo-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.166.1 * kernel-devel-5.3.18-150200.24.166.1 * kernel-macros-5.3.18-150200.24.166.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 
(noarch nosrc) * kernel-docs-5.3.18-150200.24.166.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.166.1 * kernel-obs-build-debugsource-5.3.18-150200.24.166.1 * reiserfs-kmp-default-5.3.18-150200.24.166.1 * kernel-syms-5.3.18-150200.24.166.1 * kernel-default-devel-5.3.18-150200.24.166.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.166.1 * kernel-default-debuginfo-5.3.18-150200.24.166.1 * kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1 * kernel-obs-build-5.3.18-150200.24.166.1 * kernel-default-debugsource-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-source-5.3.18-150200.24.166.1 * kernel-devel-5.3.18-150200.24.166.1 * kernel-macros-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.166.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150200.24.166.1 * kernel-preempt-debugsource-5.3.18-150200.24.166.1 * kernel-preempt-debuginfo-5.3.18-150200.24.166.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.166.1 * kernel-obs-build-debugsource-5.3.18-150200.24.166.1 * reiserfs-kmp-default-5.3.18-150200.24.166.1 * kernel-syms-5.3.18-150200.24.166.1 * kernel-default-devel-5.3.18-150200.24.166.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.166.1 * kernel-default-debuginfo-5.3.18-150200.24.166.1 * 
kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1 * kernel-obs-build-5.3.18-150200.24.166.1 * kernel-default-debugsource-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-source-5.3.18-150200.24.166.1 * kernel-devel-5.3.18-150200.24.166.1 * kernel-macros-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.166.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.166.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-devel-5.3.18-150200.24.166.1 * kernel-preempt-debugsource-5.3.18-150200.24.166.1 * kernel-preempt-debuginfo-5.3.18-150200.24.166.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.166.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1210643 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214351 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215150 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 10 16:36:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:44 -0000 Subject: SUSE-SU-2023:4040-1: moderate: Security update for samba Message-ID: <169695580471.11211.860145635552598143@smelt2.prg2.suse.org> # Security update for samba Announcement ID: SUSE-SU-2023:4040-1 Rating: moderate References: * #1215904 Cross-References: * CVE-2023-4091 CVSS scores: * CVE-2023-4091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4040=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4040=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4040=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4040=1 SUSE-SLE-HA-12-SP5-2023-4040=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4040=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libsamba-policy-devel-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-devel-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debugsource-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * samba-devel-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * samba-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-tool-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-4.15.13+git.625.ac658f2f12-3.88.1 *
samba-winbind-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debugsource-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * samba-devel-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * samba-doc-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * samba-client-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * samba-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-tool-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-4.15.13+git.625.ac658f2f12-3.88.1 * 
samba-libs-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debugsource-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * samba-devel-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * samba-doc-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * samba-client-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise 
Server for SAP Applications 12 SP5 (ppc64le) * libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * samba-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-tool-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * ctdb-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-ldb-ldap-4.15.13+git.625.ac658f2f12-3.88.1 * ctdb-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-4.15.13+git.625.ac658f2f12-3.88.1 * samba-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debugsource-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * samba-doc-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * samba-client-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-client-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * 
samba-client-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-winbind-libs-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * samba-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.625.ac658f2f12-3.88.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * ctdb-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 * ctdb-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debugsource-4.15.13+git.625.ac658f2f12-3.88.1 * samba-debuginfo-4.15.13+git.625.ac658f2f12-3.88.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4091.html * https://bugzilla.suse.com/show_bug.cgi?id=1215904 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 10 16:36:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:46 -0000 Subject: SUSE-RU-2023:4037-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <169695580669.11211.16362715944999775864@smelt2.prg2.suse.org> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:4037-1 Rating: moderate References: * #1211282 * #1214801 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP 
Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.3 (bsc#1214801): * Fixes an issue when it is unable to register a 'payg' instance. * Update to version 10.1.2 (bsc#1211282) * Properly handle IPv6 when checking update server responsiveness. If not available, fall back and use IPv4 information * Use systemd_ordered to allow use in a container without pulling systemd into the container as a requirement ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4037=1 ## Package List: * Public Cloud Module 12 (noarch) * cloud-regionsrv-client-plugin-azure-2.0.0-52.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-52.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-52.99.1 * cloud-regionsrv-client-generic-config-1.0.0-52.99.1 * cloud-regionsrv-client-10.1.3-52.99.1 * cloud-regionsrv-client-plugin-gce-1.0.0-52.99.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211282 * https://bugzilla.suse.com/show_bug.cgi?id=1214801 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Tue Oct 10 16:36:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:48 -0000 Subject: SUSE-RU-2023:4034-1: moderate: Recommended update for transactional-update Message-ID: <169695580810.11211.355342162858222360@smelt2.prg2.suse.org> # Recommended update for transactional-update Announcement ID: SUSE-RU-2023:4034-1 Rating: moderate References: * #1215878 Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one fix can now be installed. ## Description: This update for transactional-update fixes the following issues: Version 4.1.6 * Use permissions of real /etc when creating overlay [bsc#1215878] * Add support for configuration file snippets * Workaround for broken Tumbleweed package libfdisk1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4034=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4034=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * transactional-update-zypp-config-4.1.6-150400.3.6.1 * dracut-transactional-update-4.1.6-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtukit4-4.1.6-150400.3.6.1 * tukit-4.1.6-150400.3.6.1 * libtukit4-debuginfo-4.1.6-150400.3.6.1 * transactional-update-4.1.6-150400.3.6.1 * transactional-update-debuginfo-4.1.6-150400.3.6.1 * tukitd-debuginfo-4.1.6-150400.3.6.1 * tukit-debuginfo-4.1.6-150400.3.6.1 * tukitd-4.1.6-150400.3.6.1 * transactional-update-debugsource-4.1.6-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * transactional-update-zypp-config-4.1.6-150400.3.6.1 * dracut-transactional-update-4.1.6-150400.3.6.1 * SUSE Linux 
Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtukit4-4.1.6-150400.3.6.1 * tukit-4.1.6-150400.3.6.1 * libtukit4-debuginfo-4.1.6-150400.3.6.1 * transactional-update-4.1.6-150400.3.6.1 * transactional-update-debuginfo-4.1.6-150400.3.6.1 * tukitd-debuginfo-4.1.6-150400.3.6.1 * tukit-debuginfo-4.1.6-150400.3.6.1 * tukitd-4.1.6-150400.3.6.1 * transactional-update-debugsource-4.1.6-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215878 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 10 16:36:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:36:57 -0000 Subject: SUSE-SU-2023:4033-1: important: Security update for the Linux Kernel Message-ID: <169695581731.11211.16454268728412213105@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4033-1 Rating: important References: * #1065729 * #1109837 * #1152446 * #1154048 * #1208995 * #1210169 * #1212703 * #1213016 * #1214157 * #1214380 * #1214386 * #1214586 * #1214940 * #1214943 * #1214945 * #1214946 * #1214948 * #1214949 * #1214950 * #1214952 * #1214953 * #1214961 * #1214962 * #1214964 * #1214965 * #1214966 * #1214967 * #1215115 * #1215117 * #1215121 * #1215122 * #1215136 * #1215149 * #1215152 * #1215162 * #1215164 * #1215165 * #1215207 * #1215221 * #1215275 * #1215299 * #1215467 * #1215607 * #1215634 * #1215858 * #1215860 * #1215861 * #1215877 * #1215897 * #1215898 * #1215954 Cross-References: * CVE-2020-36766 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( 
SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves 12 vulnerabilities and has 39 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). 
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes). * Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * Input: xpad - add constants for GIP interface numbers (git-fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
* KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes). * arm64: insn: Fix ldadd instruction encoding (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877) * blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586). * blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1214586). * blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586). * btrfs: output extra information on failure (bsc#1215136). * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380) * direct-io: allow direct writes to empty inodes (bsc#1215164). * drm/ast: Fix DRAM init on AST2200 (bsc#1152446) * drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes * drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms() * drm/virtio: Fix GEM handle creation UAF (git-fixes). * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git- fixes). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). 
* fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048) * fbdev: imxfb: warn about invalid left/right margin (bsc#1154048) * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048) * fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048). * firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes). * firmware: raspberrypi: Keep count of all consumers (git-fixes). * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). * fs: avoid softlockups in s_inodes iterators (bsc#1215165). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607). * hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * jbd2: simplify journal_clean_one_cp_list() (bsc#1215207). * kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. * kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. * media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). * media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes). * media: cec: copy sequence field for the reply (git-fixes). * media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes). 
* media: cec: make cec_get_edid_spa_location() an inline function (git-fixes). * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes). * media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). * media: s5p_cec: decrement usage count if disabled (git-fixes). * media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). * mkspec: Allow unsupported KMPs (bsc#1214386) * net/mlx5: Fix size field in bufferx_reg struct (git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes). * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes). * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net: virtio_vsock: Enhance connection semantics (git-fixes). * nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). * old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported. * powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: fix warning in dqgrab() (bsc#1214962). * remoteproc: Add missing '\n' in log messages (git-fixes). * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes). * s390/dasd: fix hanging device after request requeue (bsc#1215121). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152). * s390: add z16 elf platform (bsc#1215954). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). 
* scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). * usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git-fixes). * vhost/test: stop device before reset (git-fixes). * vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). * vhost: Do not call access_ok() when using IOTLB (git-fixes). * vhost: Fix vhost_vq_reset() (git-fixes). * vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes). * vhost: fix range used in translate_desc() (git-fixes). * vhost: introduce helpers to get the size of metadata area (git-fixes). * vhost: missing __user tags (git-fixes). * vhost: vsock: kick send_pkt worker once device is started (git-fixes). * vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes). * virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). * virtio-gpu: fix possible memory allocation failure (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: fix the race between refill work and close (git-fixes). 
* virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * virtio_balloon: prevent pfn array overflow (git-fixes). * virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). * virtio_mmio: Restore guest page size on resume (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: Remove BUG() to avoid machine dead (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci: Support surprise removal of virtio pci device (git-fixes). * virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). * virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes). * vringh: Fix loop descriptors check in the indirect cases (git-fixes). * vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes). * vsock/virtio: enable VQs early on probe (git-fixes). * vsock/virtio: free queued packets when closing socket (git-fixes). * vsock/virtio: update credit only if socket is not closed (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). 
## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4033=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt-debugsource-4.12.14-10.144.1 * ocfs2-kmp-rt-4.12.14-10.144.1 * kernel-rt-devel-debuginfo-4.12.14-10.144.1 * kernel-rt_debug-debuginfo-4.12.14-10.144.1 * kernel-syms-rt-4.12.14-10.144.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.144.1 * kernel-rt-devel-4.12.14-10.144.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.144.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.144.1 * gfs2-kmp-rt-4.12.14-10.144.1 * kernel-rt_debug-debugsource-4.12.14-10.144.1 * kernel-rt-base-debuginfo-4.12.14-10.144.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.144.1 * dlm-kmp-rt-debuginfo-4.12.14-10.144.1 * cluster-md-kmp-rt-4.12.14-10.144.1 * kernel-rt-base-4.12.14-10.144.1 * kernel-rt-debuginfo-4.12.14-10.144.1 * kernel-rt_debug-devel-4.12.14-10.144.1 * dlm-kmp-rt-4.12.14-10.144.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-devel-rt-4.12.14-10.144.1 * kernel-source-rt-4.12.14-10.144.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.144.1 * kernel-rt_debug-4.12.14-10.144.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4622.html * 
https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109837 * https://bugzilla.suse.com/show_bug.cgi?id=1152446 * https://bugzilla.suse.com/show_bug.cgi?id=1154048 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1214157 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1214586 * https://bugzilla.suse.com/show_bug.cgi?id=1214940 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214945 * https://bugzilla.suse.com/show_bug.cgi?id=1214946 * https://bugzilla.suse.com/show_bug.cgi?id=1214948 * https://bugzilla.suse.com/show_bug.cgi?id=1214949 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214952 * https://bugzilla.suse.com/show_bug.cgi?id=1214953 * https://bugzilla.suse.com/show_bug.cgi?id=1214961 * https://bugzilla.suse.com/show_bug.cgi?id=1214962 * https://bugzilla.suse.com/show_bug.cgi?id=1214964 * https://bugzilla.suse.com/show_bug.cgi?id=1214965 * https://bugzilla.suse.com/show_bug.cgi?id=1214966 * https://bugzilla.suse.com/show_bug.cgi?id=1214967 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215121 * https://bugzilla.suse.com/show_bug.cgi?id=1215122 * https://bugzilla.suse.com/show_bug.cgi?id=1215136 * https://bugzilla.suse.com/show_bug.cgi?id=1215149 * https://bugzilla.suse.com/show_bug.cgi?id=1215152 * https://bugzilla.suse.com/show_bug.cgi?id=1215162 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215164 * https://bugzilla.suse.com/show_bug.cgi?id=1215165 * https://bugzilla.suse.com/show_bug.cgi?id=1215207 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 * https://bugzilla.suse.com/show_bug.cgi?id=1215467 * https://bugzilla.suse.com/show_bug.cgi?id=1215607 * https://bugzilla.suse.com/show_bug.cgi?id=1215634 * https://bugzilla.suse.com/show_bug.cgi?id=1215858 * https://bugzilla.suse.com/show_bug.cgi?id=1215860 * https://bugzilla.suse.com/show_bug.cgi?id=1215861 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215897 * https://bugzilla.suse.com/show_bug.cgi?id=1215898 * https://bugzilla.suse.com/show_bug.cgi?id=1215954
From sle-updates at lists.suse.com Tue Oct 10 16:37:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Oct 2023 16:37:01 -0000 Subject: SUSE-SU-2023:4032-1: important: Security update for the Linux Kernel Message-ID: <169695582146.11211.14779444532685922576@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4032-1 Rating: important References: * #1109837 * #1152446 * #1154048 * #1213016 * #1214157 * #1214380 * #1214586 * #1214940 * #1214943 * #1214945 * #1214946 * #1214948 * #1214949 * #1214950 * #1214952 * #1214953 * #1215122 * #1215136 * #1215164 * #1215165 * #1215607 * #1215877 * #1215897 * #1215898 Cross-References: * CVE-2020-36766 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-42754 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1192 ( 
SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 12 vulnerabilities and has 12 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes). 
* arm64: insn: Fix ldadd instruction encoding (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586). * blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1214586). * blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586). * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. * direct-io: allow direct writes to empty inodes (bsc#1215164). * Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes). * drm/ast: Fix DRAM init on AST2200 (bsc#1152446) * drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes * drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms() * drm/virtio: Fix GEM handle creation UAF (git-fixes). * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048) * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048) * fbdev: imxfb: warn about invalid left/right margin (bsc#1154048) * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048) * fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048) * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). * firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes). * firmware: raspberrypi: Keep count of all consumers (git-fixes). 
* fs: avoid softlockups in s_inodes iterators (bsc#1215165). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607). * hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * Input: xpad - add constants for GIP interface numbers (git-fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * jbd2: simplify journal_clean_one_cp_list() (bsc#1215207). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898). * media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). * media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes). * media: cec: copy sequence field for the reply (git-fixes). * media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes). * media: cec: make cec_get_edid_spa_location() an inline function (git-fixes). * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes). * media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). * media: s5p_cec: decrement usage count if disabled (git-fixes). 
* media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). * mkspec: Allow unsupported KMPs (bsc#1214386) * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes). * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes). * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net: virtio_vsock: Enhance connection semantics (git-fixes). * net/mlx5: Fix size field in bufferx_reg struct (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * remoteproc: Add missing '\n' in log messages (git-fixes). * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes). * s390: add z16 elf platform (LTC#203790 bsc#1215954). * s390/dasd: fix hanging device after request requeue (LTC#203632 bsc#1215121). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). 
* tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). * usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). * vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes). * vhost: Do not call access_ok() when using IOTLB (git-fixes). * vhost: fix range used in translate_desc() (git-fixes). * vhost: Fix vhost_vq_reset() (git-fixes). * vhost: introduce helpers to get the size of metadata area (git-fixes). * vhost: missing __user tags (git-fixes). * vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes). * vhost: vsock: kick send_pkt worker once device is started (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git-fixes). * vhost/test: stop device before reset (git-fixes). * vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). * virtio_balloon: prevent pfn array overflow (git-fixes). * virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). * virtio_mmio: Restore guest page size on resume (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: Remove BUG() to avoid machine dead (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). 
* virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). * virtio_pci: Support surprise removal of virtio pci device (git-fixes). * virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes). * virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). * virtio-gpu: fix possible memory allocation failure (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: fix the race between refill work and close (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vringh: Fix loop descriptors check in the indirect cases (git-fixes). * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes). * vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes). * vsock/virtio: enable VQs early on probe (git-fixes). * vsock/virtio: free queued packets when closing socket (git-fixes). * vsock/virtio: update credit only if socket is not closed (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.152.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-azure-base-4.12.14-16.152.1
  * kernel-azure-debuginfo-4.12.14-16.152.1
  * kernel-azure-devel-4.12.14-16.152.1
  * kernel-azure-debugsource-4.12.14-16.152.1
  * kernel-syms-azure-4.12.14-16.152.1
  * kernel-azure-base-debuginfo-4.12.14-16.152.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.152.1
  * kernel-devel-azure-4.12.14-16.152.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.152.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * kernel-azure-base-4.12.14-16.152.1
  * kernel-azure-debuginfo-4.12.14-16.152.1
  * kernel-azure-devel-4.12.14-16.152.1
  * kernel-azure-debugsource-4.12.14-16.152.1
  * kernel-syms-azure-4.12.14-16.152.1
  * kernel-azure-base-debuginfo-4.12.14-16.152.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.152.1
  * kernel-devel-azure-4.12.14-16.152.1
* SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  * kernel-azure-4.12.14-16.152.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * kernel-azure-base-4.12.14-16.152.1
  * kernel-azure-debuginfo-4.12.14-16.152.1
  * kernel-azure-devel-4.12.14-16.152.1
  * kernel-azure-debugsource-4.12.14-16.152.1
  * kernel-syms-azure-4.12.14-16.152.1
  * kernel-azure-base-debuginfo-4.12.14-16.152.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * kernel-source-azure-4.12.14-16.152.1
  * kernel-devel-azure-4.12.14-16.152.1

## References:

* https://www.suse.com/security/cve/CVE-2020-36766.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://bugzilla.suse.com/show_bug.cgi?id=1109837
* https://bugzilla.suse.com/show_bug.cgi?id=1152446
* https://bugzilla.suse.com/show_bug.cgi?id=1154048
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1214157
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214586
* https://bugzilla.suse.com/show_bug.cgi?id=1214940
* https://bugzilla.suse.com/show_bug.cgi?id=1214943
* https://bugzilla.suse.com/show_bug.cgi?id=1214945
* https://bugzilla.suse.com/show_bug.cgi?id=1214946
* https://bugzilla.suse.com/show_bug.cgi?id=1214948
* https://bugzilla.suse.com/show_bug.cgi?id=1214949
* https://bugzilla.suse.com/show_bug.cgi?id=1214950
* https://bugzilla.suse.com/show_bug.cgi?id=1214952
* https://bugzilla.suse.com/show_bug.cgi?id=1214953
* https://bugzilla.suse.com/show_bug.cgi?id=1215122
* https://bugzilla.suse.com/show_bug.cgi?id=1215136
* https://bugzilla.suse.com/show_bug.cgi?id=1215164
* https://bugzilla.suse.com/show_bug.cgi?id=1215165
* https://bugzilla.suse.com/show_bug.cgi?id=1215607
* https://bugzilla.suse.com/show_bug.cgi?id=1215877
* https://bugzilla.suse.com/show_bug.cgi?id=1215897
* https://bugzilla.suse.com/show_bug.cgi?id=1215898

From sle-updates at lists.suse.com Tue Oct 10 16:37:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2023 16:37:04 -0000
Subject: SUSE-SU-2023:4028-1: important: Security update for the Linux Kernel
Message-ID: <169695582446.11211.8081722054514727223@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4028-1
Rating: important

References:

* #1208600
* #1208995
* #1210448
* #1213666
* #1213927
* #1214348
* #1214451
* #1215115
* PED-4579

Cross-References:

* CVE-2023-1077
* CVE-2023-1192
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-3772
* CVE-2023-4385
* CVE-2023-4459
* CVE-2023-4623

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 11 SP4
* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves eight vulnerabilities and contains one feature can now be installed.

## Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity() that could cause memory corruption (bsc#1208600).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
* CVE-2023-20588: Fixed a potential data leak that could be triggered through a side channel when division by zero occurred on some AMD processors (bsc#1213927).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in the vmxnet3 driver that may have allowed a local attacker with user privileges to cause a denial of service (bsc#1214451).
* CVE-2023-3772: Fixed a flaw in the XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to denial of service (bsc#1213666).
* CVE-2023-2007: Removed the dpt_i2o driver due to security issues (bsc#1210448, jsc#PED-4579).
* CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4028=1
* SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4028=1

## Package List:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64)
  * kernel-xen-3.0.101-108.147.1
  * kernel-trace-3.0.101-108.147.1
  * kernel-default-3.0.101-108.147.1
  * kernel-ec2-3.0.101-108.147.1
* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
  * kernel-trace-base-3.0.101-108.147.1
  * kernel-ec2-base-3.0.101-108.147.1
  * kernel-ec2-devel-3.0.101-108.147.1
  * kernel-syms-3.0.101-108.147.1
  * kernel-xen-base-3.0.101-108.147.1
  * kernel-trace-devel-3.0.101-108.147.1
  * kernel-xen-devel-3.0.101-108.147.1
  * kernel-source-3.0.101-108.147.1
  * kernel-default-devel-3.0.101-108.147.1
  * kernel-default-base-3.0.101-108.147.1
* SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
  * kernel-xen-3.0.101-108.147.1
  * kernel-trace-3.0.101-108.147.1
  * kernel-default-3.0.101-108.147.1
  * kernel-ec2-3.0.101-108.147.1
* SUSE Linux Enterprise Server 11 SP4 (x86_64)
  * kernel-trace-base-3.0.101-108.147.1
  * kernel-ec2-base-3.0.101-108.147.1
  * kernel-ec2-devel-3.0.101-108.147.1
  * kernel-syms-3.0.101-108.147.1
  * kernel-xen-base-3.0.101-108.147.1
  * kernel-trace-devel-3.0.101-108.147.1
  * kernel-xen-devel-3.0.101-108.147.1
  * kernel-source-3.0.101-108.147.1
  * kernel-default-devel-3.0.101-108.147.1
  * kernel-default-base-3.0.101-108.147.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-4385.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208600
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1214348
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1215115
* https://jira.suse.com/browse/PED-4579

From sle-updates at lists.suse.com Tue Oct 10 16:37:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2023 16:37:06 -0000
Subject: SUSE-SU-2023:4027-1: low: Security update for shadow
Message-ID: <169695582631.11211.10778325467475191800@smelt2.prg2.suse.org>

# Security update for shadow

Announcement ID: SUSE-SU-2023:4027-1
Rating: low

References:

* #1214806

Cross-References:

* CVE-2023-4641

CVSS scores:

* CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for shadow fixes the following issues:

* CVE-2023-4641: Fixed potential password leak (bsc#1214806).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4027=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4027=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4027=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4027=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4027=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4027=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4027=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4027=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4027=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4027=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4027=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Manager Proxy 4.2 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Manager Proxy 4.2 (x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Manager Server 4.2 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Enterprise Storage 7.1 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * login_defs-4.8.1-150300.4.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * shadow-debuginfo-4.8.1-150300.4.12.1
  * shadow-debugsource-4.8.1-150300.4.12.1
  * shadow-4.8.1-150300.4.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4641.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214806

From sle-updates at lists.suse.com Tue Oct 10 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2023 20:30:02 -0000
Subject: SUSE-SU-2023:4042-1: important: Security update for conmon
Message-ID: <169696980203.16005.6093811945592430160@smelt2.prg2.suse.org>

# Security update for conmon

Announcement ID: SUSE-SU-2023:4042-1
Rating: important

References:

* #1215806

Affected Products:

* Containers Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update for conmon fixes the following issues:

conmon was rebuilt using go1.21 (bsc#1215806)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4042=1 SUSE-2023-4042=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4042=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4042=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4042=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4042=1
* Containers Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4042=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * conmon-debuginfo-2.1.7-150400.3.14.1
  * conmon-2.1.7-150400.3.14.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215806

From sle-updates at lists.suse.com Tue Oct 10 20:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Oct 2023 20:30:04 -0000
Subject: SUSE-SU-2023:4041-1: moderate: Security update for php-composer2
Message-ID: <169696980420.16005.12330329993998934505@smelt2.prg2.suse.org>

# Security update for php-composer2

Announcement ID: SUSE-SU-2023:4041-1
Rating: moderate

References:

* #1215859

Cross-References:

* CVE-2023-43655

CVSS scores:

* CVE-2023-43655 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-43655 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP4
* Web and Scripting Module 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for php-composer2 fixes the following issues:

* CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4041=1 openSUSE-SLE-15.4-2023-4041=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4041=1
* Web and Scripting Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4041=1
* Web and Scripting Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4041=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * php-composer2-2.2.3-150400.3.6.1
* openSUSE Leap 15.5 (noarch)
  * php-composer2-2.2.3-150400.3.6.1
* Web and Scripting Module 15-SP4 (noarch)
  * php-composer2-2.2.3-150400.3.6.1
* Web and Scripting Module 15-SP5 (noarch)
  * php-composer2-2.2.3-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43655.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215859

From sle-updates at lists.suse.com Wed Oct 11 08:35:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2023 08:35:11 -0000
Subject: SUSE-SU-2023:4046-1: important: Security update for samba
Message-ID: <169701331194.8264.3136436805656331484@smelt2.prg2.suse.org>

# Security update for samba

Announcement ID: SUSE-SU-2023:4046-1
Rating: important

References:

* #1215904
* #1215905
* #1215906
* #1215907
* #1215908

Cross-References:

* CVE-2023-3961
* CVE-2023-4091
* CVE-2023-4154
* CVE-2023-42669
* CVE-2023-42670

CVSS scores:

* CVE-2023-3961 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2023-4091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4154 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42669 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42670 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for samba fixes the following issues:

* CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
* CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
* CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
* CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
* CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4046=1 openSUSE-SLE-15.5-2023-4046=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4046=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4046=1
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4046=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * samba-gpupdate-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ldb-ldap-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-pcp-pmda-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-pcp-pmda-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy-python3-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ldb-ldap-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-test-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-tool-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-test-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* openSUSE Leap 15.5 (x86_64)
  * samba-devel-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* openSUSE Leap 15.5 (noarch)
  * samba-doc-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* openSUSE Leap 15.5 (aarch64 x86_64)
  * samba-ceph-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ceph-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * samba-winbind-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-devel-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * samba-gpupdate-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ldb-ldap-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy-python3-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ldb-ldap-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-tool-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * libsamba-policy0-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* Basesystem Module 15-SP5 (aarch64 x86_64)
  * samba-ceph-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-ceph-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* Basesystem Module 15-SP5 (x86_64)
  * samba-client-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-client-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-winbind-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
  * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1
  * ctdb-4.17.9+git.421.abde31ca5c2-150500.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3961.html
* https://www.suse.com/security/cve/CVE-2023-4091.html
* https://www.suse.com/security/cve/CVE-2023-4154.html
* https://www.suse.com/security/cve/CVE-2023-42669.html
* https://www.suse.com/security/cve/CVE-2023-42670.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215904
* https://bugzilla.suse.com/show_bug.cgi?id=1215905
* https://bugzilla.suse.com/show_bug.cgi?id=1215906
* https://bugzilla.suse.com/show_bug.cgi?id=1215907
* https://bugzilla.suse.com/show_bug.cgi?id=1215908

From sle-updates at lists.suse.com Wed Oct 11 08:35:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2023 08:35:14 -0000
Subject: SUSE-SU-2023:4045-1: moderate: Security update for curl
Message-ID: <169701331417.8264.17950884433571711830@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2023:4045-1
Rating: moderate

References:

* #1215889

Cross-References:

* CVE-2023-38546

CVSS scores:

* CVE-2023-38546 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4045=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4045=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4045=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4045=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4045=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4045=1

## Package List:

* SUSE Manager Proxy 4.2 (x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-32bit-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-32bit-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1
  * libcurl-devel-7.66.0-150200.4.60.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-32bit-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-32bit-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1
  * libcurl-devel-7.66.0-150200.4.60.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1
  * libcurl-devel-7.66.0-150200.4.60.1
* SUSE Manager Server 4.2 (x86_64)
  * libcurl4-32bit-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-32bit-7.66.0-150200.4.60.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * curl-7.66.0-150200.4.60.1
  * curl-debuginfo-7.66.0-150200.4.60.1
  * libcurl4-7.66.0-150200.4.60.1
  * libcurl4-debuginfo-7.66.0-150200.4.60.1
  * curl-debugsource-7.66.0-150200.4.60.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38546.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215889

From sle-updates at lists.suse.com Wed Oct 11 08:35:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2023 08:35:16 -0000
Subject: SUSE-SU-2023:4044-1: important: Security update for curl
Message-ID: <169701331631.8264.11920271898194994426@smelt2.prg2.suse.org>

# Security update for curl

Announcement ID: SUSE-SU-2023:4044-1
Rating: important

References:

* #1215888
* #1215889

Cross-References:

* CVE-2023-38545
* CVE-2023-38546

CVSS scores:

* CVE-2023-38545 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-38546 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
* CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4044=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4044=1 SUSE-2023-4044=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4044=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4044=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4044=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4044=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4044=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4044=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4044=1

## Package List:

* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl-devel-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* Basesystem Module 15-SP5 (x86_64)
  * libcurl4-32bit-8.0.1-150400.5.32.1
  * libcurl4-32bit-debuginfo-8.0.1-150400.5.32.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl-devel-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* openSUSE Leap 15.4 (x86_64)
  * libcurl-devel-32bit-8.0.1-150400.5.32.1
  * libcurl4-32bit-8.0.1-150400.5.32.1
  * libcurl4-32bit-debuginfo-8.0.1-150400.5.32.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libcurl-devel-64bit-8.0.1-150400.5.32.1
  * libcurl4-64bit-8.0.1-150400.5.32.1
  * libcurl4-64bit-debuginfo-8.0.1-150400.5.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl-devel-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* openSUSE Leap 15.5 (x86_64)
  * libcurl-devel-32bit-8.0.1-150400.5.32.1
  * libcurl4-32bit-8.0.1-150400.5.32.1
  * libcurl4-32bit-debuginfo-8.0.1-150400.5.32.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  * libcurl4-debuginfo-8.0.1-150400.5.32.1
  * libcurl4-8.0.1-150400.5.32.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * curl-debuginfo-8.0.1-150400.5.32.1
  * curl-8.0.1-150400.5.32.1
  * curl-debugsource-8.0.1-150400.5.32.1
  *
libcurl4-debuginfo-8.0.1-150400.5.32.1 * libcurl4-8.0.1-150400.5.32.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.32.1 * curl-8.0.1-150400.5.32.1 * curl-debugsource-8.0.1-150400.5.32.1 * libcurl4-debuginfo-8.0.1-150400.5.32.1 * libcurl-devel-8.0.1-150400.5.32.1 * libcurl4-8.0.1-150400.5.32.1 * Basesystem Module 15-SP4 (x86_64) * libcurl4-32bit-8.0.1-150400.5.32.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.32.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38545.html * https://www.suse.com/security/cve/CVE-2023-38546.html * https://bugzilla.suse.com/show_bug.cgi?id=1215888 * https://bugzilla.suse.com/show_bug.cgi?id=1215889 From sle-updates at lists.suse.com Wed Oct 11 08:35:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 08:35:18 -0000 Subject: SUSE-SU-2023:4043-1: important: Security update for curl Message-ID: <169701331870.8264.11722552296380730721@smelt2.prg2.suse.org> # Security update for curl Announcement ID: SUSE-SU-2023:4043-1 Rating: important References: * #1215888 * #1215889 Cross-References: * CVE-2023-38545 * CVE-2023-38546 CVSS scores: * CVE-2023-38545 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-38546 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) * CVE-2023-38546: Fixed a cookie injection with none file.
(bsc#1215889) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4043=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4043=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4043=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4043=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.74.1 * curl-debuginfo-8.0.1-11.74.1 * libcurl-devel-8.0.1-11.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * curl-debugsource-8.0.1-11.74.1 * curl-8.0.1-11.74.1 * libcurl4-debuginfo-8.0.1-11.74.1 * curl-debuginfo-8.0.1-11.74.1 * libcurl4-8.0.1-11.74.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.74.1 * libcurl4-debuginfo-32bit-8.0.1-11.74.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.0.1-11.74.1 * curl-8.0.1-11.74.1 * libcurl4-debuginfo-8.0.1-11.74.1 * curl-debuginfo-8.0.1-11.74.1 * libcurl4-8.0.1-11.74.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcurl4-32bit-8.0.1-11.74.1 * libcurl4-debuginfo-32bit-8.0.1-11.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * curl-debugsource-8.0.1-11.74.1 * curl-8.0.1-11.74.1 * libcurl4-debuginfo-8.0.1-11.74.1 * curl-debuginfo-8.0.1-11.74.1 * libcurl4-8.0.1-11.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcurl4-32bit-8.0.1-11.74.1 * libcurl4-debuginfo-32bit-8.0.1-11.74.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38545.html * 
https://www.suse.com/security/cve/CVE-2023-38546.html * https://bugzilla.suse.com/show_bug.cgi?id=1215888 * https://bugzilla.suse.com/show_bug.cgi?id=1215889 From sle-updates at lists.suse.com Wed Oct 11 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4048-1: important: Security update for python-reportlab Message-ID: <169702740208.4853.15543675243255173476@smelt2.prg2.suse.org> # Security update for python-reportlab Announcement ID: SUSE-SU-2023:4048-1 Rating: important References: * #1215560 Cross-References: * CVE-2019-19450 CVSS scores: * CVE-2019-19450 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2019-19450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-reportlab fixes the following issues: * CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4048=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * python-reportlab-debuginfo-2.7-3.16.1 * python-reportlab-debugsource-2.7-3.16.1 * python-reportlab-2.7-3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2019-19450.html * https://bugzilla.suse.com/show_bug.cgi?id=1215560 From sle-updates at lists.suse.com Wed Oct 11 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4047-1: moderate: Security update for glibc Message-ID: <169702740455.4853.12735606730832744620@smelt2.prg2.suse.org> # Security update for glibc Announcement ID: SUSE-SU-2023:4047-1 Rating: moderate References: * #1215286 * #1215505 * PED-4908 Cross-References: * CVE-2023-4813 CVSS scores: * CVE-2023-4813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4813 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability, contains one feature and has one security fix can now be installed.
## Description: This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: * Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) * Run vismain only if linker supports protected data symbol (bsc#1215505) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4047=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4047=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4047=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4047=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4047=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4047=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * 
glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * 
glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * 
glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nscd-debuginfo-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * glibc-32bit-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * SUSE CaaS Platform 4.0 
(x86_64) * glibc-32bit-2.26-150000.13.70.1 * glibc-profile-2.26-150000.13.70.1 * glibc-debugsource-2.26-150000.13.70.1 * glibc-extra-debuginfo-2.26-150000.13.70.1 * glibc-utils-2.26-150000.13.70.1 * glibc-locale-base-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-2.26-150000.13.70.1 * glibc-utils-src-debugsource-2.26-150000.13.70.1 * nscd-2.26-150000.13.70.1 * glibc-utils-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-2.26-150000.13.70.1 * glibc-locale-base-32bit-debuginfo-2.26-150000.13.70.1 * nscd-debuginfo-2.26-150000.13.70.1 * glibc-locale-2.26-150000.13.70.1 * glibc-32bit-debuginfo-2.26-150000.13.70.1 * glibc-devel-32bit-debuginfo-2.26-150000.13.70.1 * glibc-2.26-150000.13.70.1 * glibc-debuginfo-2.26-150000.13.70.1 * glibc-devel-2.26-150000.13.70.1 * glibc-devel-static-2.26-150000.13.70.1 * glibc-devel-debuginfo-2.26-150000.13.70.1 * glibc-locale-base-32bit-2.26-150000.13.70.1 * glibc-extra-2.26-150000.13.70.1 * SUSE CaaS Platform 4.0 (noarch) * glibc-info-2.26-150000.13.70.1 * glibc-i18ndata-2.26-150000.13.70.1 * SUSE CaaS Platform 4.0 (nosrc) * glibc-utils-src-2.26-150000.13.70.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4813.html * https://bugzilla.suse.com/show_bug.cgi?id=1215286 * https://bugzilla.suse.com/show_bug.cgi?id=1215505 * https://jira.suse.com/browse/PED-4908
From sle-updates at lists.suse.com Wed Oct 11 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 16:30:02 -0000 Subject: SUSE-RU-2023:4052-1: moderate: Recommended update for babeltrace Message-ID: <169704180239.20535.2739232701795324441@smelt2.prg2.suse.org> # Recommended update for babeltrace Announcement ID: SUSE-RU-2023:4052-1 Rating: moderate References: * #1209275 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4052=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4052=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4052=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4052=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4052=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4052=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4052=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * babeltrace-debugsource-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-debuginfo-1.5.8-150300.3.2.1 * python3-babeltrace-1.5.8-150300.3.2.1 * python3-babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * babeltrace-debugsource-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-debuginfo-1.5.8-150300.3.2.1 * python3-babeltrace-1.5.8-150300.3.2.1 * python3-babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * babeltrace-debugsource-1.5.8-150300.3.2.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * babeltrace-debugsource-1.5.8-150300.3.2.1 * SUSE Manager Proxy 4.2 (x86_64) * babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * babeltrace-debugsource-1.5.8-150300.3.2.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) *
babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-devel-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * babeltrace-debugsource-1.5.8-150300.3.2.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * babeltrace-debuginfo-1.5.8-150300.3.2.1 * babeltrace-1.5.8-150300.3.2.1 * babeltrace-debugsource-1.5.8-150300.3.2.1 * SUSE Manager Server 4.2 (x86_64) * babeltrace-devel-1.5.8-150300.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209275 From sle-updates at lists.suse.com Wed Oct 11 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4051-1: moderate: Security update for gsl Message-ID: <169704180427.20535.2885642133423633149@smelt2.prg2.suse.org> # Security update for gsl Announcement ID: SUSE-SU-2023:4051-1 Rating: moderate References: * #1214681 Cross-References: * CVE-2020-35357 CVSS scores: * CVE-2020-35357 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-35357 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gsl fixes the following issues: * CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4051=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4051=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gsl-debuginfo-1.16-5.4.1 * gsl-debugsource-1.16-5.4.1 * gsl-devel-1.16-5.4.1 * gsl-1.16-5.4.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * gsl-debuginfo-1.16-5.4.1 * gsl-debugsource-1.16-5.4.1 * gsl-1.16-5.4.1 ## References: * https://www.suse.com/security/cve/CVE-2020-35357.html * https://bugzilla.suse.com/show_bug.cgi?id=1214681 From sle-updates at lists.suse.com Wed Oct 11 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Oct 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4050-1: moderate: Security update for ImageMagick Message-ID: <169704180611.20535.353721293150468203@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:4050-1 Rating: moderate References: * #1215939 Cross-References: * CVE-2023-5341 CVSS scores: * CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise
Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4050=1 openSUSE-SLE-15.4-2023-4050=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4050=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4050=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4050=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4050=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4050=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.27.1
  * ImageMagick-extra-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-devel-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.4 (x86_64)
  * libMagick++-devel-32bit-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-32bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.4 (noarch)
  * ImageMagick-doc-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.27.1
  * libMagick++-devel-64bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-64bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.27.1
  * ImageMagick-extra-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-devel-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.5 (x86_64)
  * libMagick++-devel-32bit-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-32bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.27.1
* openSUSE Leap 15.5 (noarch)
  * ImageMagick-doc-7.1.0.9-150400.6.27.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.27.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * ImageMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.27.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-devel-7.1.0.9-150400.6.27.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.27.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.27.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debuginfo-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-7.1.0.9-150400.6.27.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.27.1
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.27.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5341.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215939

From sle-updates at lists.suse.com Wed Oct 11 16:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 11 Oct 2023 16:30:08 -0000
Subject: SUSE-SU-2023:4049-1: moderate: Security update for ImageMagick
Message-ID: <169704180858.20535.15950285441020458043@smelt2.prg2.suse.org>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2023:4049-1
Rating: moderate
References:

* #1215939

Cross-References:

* CVE-2023-5341

CVSS scores:

* CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4049=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4049=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4049=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4049=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4049=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-6-SUSE-6.8.8.1-71.201.1
  * libMagick++-devel-6.8.8.1-71.201.1
  * ImageMagick-6.8.8.1-71.201.1
  * ImageMagick-devel-6.8.8.1-71.201.1
  * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.201.1
  * ImageMagick-debugsource-6.8.8.1-71.201.1
  * perl-PerlMagick-debuginfo-6.8.8.1-71.201.1
  * perl-PerlMagick-6.8.8.1-71.201.1
  * libMagick++-6_Q16-3-6.8.8.1-71.201.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * ImageMagick-config-6-SUSE-6.8.8.1-71.201.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.201.1
  * ImageMagick-debuginfo-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-debugsource-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.201.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-6-SUSE-6.8.8.1-71.201.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.201.1
  * ImageMagick-debuginfo-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-debugsource-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.201.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * ImageMagick-config-6-SUSE-6.8.8.1-71.201.1
  * ImageMagick-config-6-upstream-6.8.8.1-71.201.1
  * ImageMagick-debuginfo-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-debugsource-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-6.8.8.1-71.201.1
  * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.201.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * ImageMagick-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-32bit-6.8.8.1-71.201.1
  * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.201.1
  * ImageMagick-debuginfo-6.8.8.1-71.201.1
  * libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.201.1
  * ImageMagick-debugsource-6.8.8.1-71.201.1
  * libMagick++-6_Q16-3-6.8.8.1-71.201.1

## References:

* https://www.suse.com/security/cve/CVE-2023-5341.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215939

From sle-updates at lists.suse.com Thu Oct 12 07:06:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:06:29 +0200 (CEST)
Subject: SUSE-CU-2023:3367-1: Security update of bci/dotnet-aspnet
Message-ID: <20231012070629.3BA8BF78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3367-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-15.10 , bci/dotnet-aspnet:6.0.22 , bci/dotnet-aspnet:6.0.22-15.10
Container Release : 15.10
Severity : important
Type : security
References : 1215888 1215889 CVE-2023-38545 CVE-2023-38546
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.32.1 updated

From sle-updates at lists.suse.com Thu Oct 12 07:06:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:06:47 +0200 (CEST)
Subject: SUSE-CU-2023:3368-1: Security update of bci/dotnet-aspnet
Message-ID: <20231012070647.B361BF78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3368-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-15.11 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-15.11 , bci/dotnet-aspnet:latest
Container Release : 15.11
Severity : important
Type : security
References : 1215888 1215889 CVE-2023-38545 CVE-2023-38546
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.32.1 updated
- container:sles15-image-15.0.0-36.5.42 updated

From sle-updates at lists.suse.com Thu Oct 12 07:07:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:07:09 +0200 (CEST)
Subject: SUSE-CU-2023:3369-1: Security update of bci/dotnet-sdk
Message-ID: <20231012070709.87735F78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3369-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.10 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-14.10
Container Release : 14.10
Severity : important
Type : security
References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- container:sles15-image-15.0.0-36.5.42 updated

From sle-updates at lists.suse.com Thu Oct 12 07:07:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:07:31 +0200 (CEST)
Subject: SUSE-CU-2023:3370-1: Security update of bci/dotnet-sdk
Message-ID: <20231012070731.5D771F78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3370-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-16.10 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-16.10 , bci/dotnet-sdk:latest
Container Release : 16.10
Severity : important
Type : security
References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- container:sles15-image-15.0.0-36.5.42 updated

From sle-updates at lists.suse.com Thu Oct 12 07:07:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:07:47 +0200 (CEST)
Subject: SUSE-CU-2023:3371-1: Security update of bci/dotnet-runtime
Message-ID: <20231012070747.B7BD6F78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3371-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-14.10 , bci/dotnet-runtime:6.0.22 , bci/dotnet-runtime:6.0.22-14.10
Container Release : 14.10
Severity : important
Type : security
References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- container:sles15-image-15.0.0-36.5.41 updated

From sle-updates at lists.suse.com Thu Oct 12 07:08:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 09:08:05 +0200 (CEST)
Subject: SUSE-CU-2023:3372-1: Security update of bci/dotnet-runtime
Message-ID: <20231012070805.6214BF78C@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3372-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-16.9 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-16.9 , bci/dotnet-runtime:latest
Container Release : 16.9
Severity : important
Type : security
References : 1215888 1215889 CVE-2023-38545 CVE-2023-38546
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.32.1 updated

From sle-updates at lists.suse.com Thu Oct 12 08:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 08:30:02 -0000
Subject: SUSE-SU-2023:4055-1: important: Security update for xen
Message-ID: <169709940265.13396.3115343128818344853@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2023:4055-1
Rating: important
References:

* #1215744
* #1215746
* #1215747
* #1215748

Cross-References:

* CVE-2023-34323
* CVE-2023-34325
* CVE-2023-34326
* CVE-2023-34327
* CVE-2023-34328

CVSS scores:

* CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.
## Description:

This update for xen fixes the following issues:

* CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
* CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
* CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
* CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
* CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4055=1 openSUSE-SLE-15.4-2023-4055=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4055=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4055=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4055=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4055=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4055=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4055=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64 i586)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-devel-4.16.5_06-150400.4.37.1
  * xen-tools-domU-debuginfo-4.16.5_06-150400.4.37.1
  * xen-tools-domU-4.16.5_06-150400.4.37.1
* openSUSE Leap 15.4 (x86_64)
  * xen-libs-32bit-4.16.5_06-150400.4.37.1
  * xen-libs-32bit-debuginfo-4.16.5_06-150400.4.37.1
* openSUSE Leap 15.4 (aarch64 x86_64)
  * xen-4.16.5_06-150400.4.37.1
  * xen-doc-html-4.16.5_06-150400.4.37.1
  * xen-tools-debuginfo-4.16.5_06-150400.4.37.1
  * xen-tools-4.16.5_06-150400.4.37.1
* openSUSE Leap 15.4 (noarch)
  * xen-tools-xendomains-wait-disk-4.16.5_06-150400.4.37.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * xen-libs-64bit-4.16.5_06-150400.4.37.1
  * xen-libs-64bit-debuginfo-4.16.5_06-150400.4.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
* Basesystem Module 15-SP4 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-libs-debuginfo-4.16.5_06-150400.4.37.1
  * xen-libs-4.16.5_06-150400.4.37.1
  * xen-tools-domU-debuginfo-4.16.5_06-150400.4.37.1
  * xen-tools-domU-4.16.5_06-150400.4.37.1
* Server Applications Module 15-SP4 (x86_64)
  * xen-debugsource-4.16.5_06-150400.4.37.1
  * xen-tools-4.16.5_06-150400.4.37.1
  * xen-4.16.5_06-150400.4.37.1
  * xen-devel-4.16.5_06-150400.4.37.1
  * xen-tools-debuginfo-4.16.5_06-150400.4.37.1
* Server Applications Module 15-SP4 (noarch)
  * xen-tools-xendomains-wait-disk-4.16.5_06-150400.4.37.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34323.html
* https://www.suse.com/security/cve/CVE-2023-34325.html
* https://www.suse.com/security/cve/CVE-2023-34326.html
* https://www.suse.com/security/cve/CVE-2023-34327.html
* https://www.suse.com/security/cve/CVE-2023-34328.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215744
* https://bugzilla.suse.com/show_bug.cgi?id=1215746
* https://bugzilla.suse.com/show_bug.cgi?id=1215747
* https://bugzilla.suse.com/show_bug.cgi?id=1215748

From sle-updates at lists.suse.com Thu Oct 12 08:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 08:30:05 -0000
Subject: SUSE-SU-2023:4054-1: important: Security update for xen
Message-ID: <169709940553.13396.7654172769434328005@smelt2.prg2.suse.org>

# Security update for xen

Announcement ID: SUSE-SU-2023:4054-1
Rating: important
References:

* #1215744
* #1215746
* #1215747
* #1215748

Cross-References:

* CVE-2023-34323
* CVE-2023-34325
* CVE-2023-34326
* CVE-2023-34327
* CVE-2023-34328

CVSS scores:

* CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
* CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
* CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
* CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
* CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4054=1 SUSE-2023-4054=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4054=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4054=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4054=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64 i586)
  * xen-tools-domU-debuginfo-4.17.2_06-150500.3.12.1
  * xen-tools-domU-4.17.2_06-150500.3.12.1
  * xen-devel-4.17.2_06-150500.3.12.1
  * xen-libs-debuginfo-4.17.2_06-150500.3.12.1
  * xen-debugsource-4.17.2_06-150500.3.12.1
  * xen-libs-4.17.2_06-150500.3.12.1
* openSUSE Leap 15.5 (x86_64)
  * xen-libs-32bit-4.17.2_06-150500.3.12.1
  * xen-libs-32bit-debuginfo-4.17.2_06-150500.3.12.1
* openSUSE Leap 15.5 (aarch64 x86_64)
  * xen-4.17.2_06-150500.3.12.1
  * xen-tools-4.17.2_06-150500.3.12.1
  * xen-doc-html-4.17.2_06-150500.3.12.1
  * xen-tools-debuginfo-4.17.2_06-150500.3.12.1
* openSUSE Leap 15.5 (noarch)
  * xen-tools-xendomains-wait-disk-4.17.2_06-150500.3.12.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * xen-libs-64bit-debuginfo-4.17.2_06-150500.3.12.1
  * xen-libs-64bit-4.17.2_06-150500.3.12.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * xen-debugsource-4.17.2_06-150500.3.12.1
  * xen-libs-debuginfo-4.17.2_06-150500.3.12.1
  * xen-libs-4.17.2_06-150500.3.12.1
* Basesystem Module 15-SP5 (x86_64)
  * xen-tools-domU-debuginfo-4.17.2_06-150500.3.12.1
  * xen-tools-domU-4.17.2_06-150500.3.12.1
  * xen-libs-debuginfo-4.17.2_06-150500.3.12.1
  * xen-debugsource-4.17.2_06-150500.3.12.1
  * xen-libs-4.17.2_06-150500.3.12.1
* Server Applications Module 15-SP5 (x86_64)
  * xen-4.17.2_06-150500.3.12.1
  * xen-tools-debuginfo-4.17.2_06-150500.3.12.1
  * xen-devel-4.17.2_06-150500.3.12.1
  * xen-tools-4.17.2_06-150500.3.12.1
  * xen-debugsource-4.17.2_06-150500.3.12.1
* Server Applications Module 15-SP5 (noarch)
  * xen-tools-xendomains-wait-disk-4.17.2_06-150500.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-34323.html
* https://www.suse.com/security/cve/CVE-2023-34325.html
* https://www.suse.com/security/cve/CVE-2023-34326.html
* https://www.suse.com/security/cve/CVE-2023-34327.html
* https://www.suse.com/security/cve/CVE-2023-34328.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215744
* https://bugzilla.suse.com/show_bug.cgi?id=1215746
* https://bugzilla.suse.com/show_bug.cgi?id=1215747
* https://bugzilla.suse.com/show_bug.cgi?id=1215748

From sle-updates at lists.suse.com Thu Oct 12 12:46:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 12:46:15 -0000
Subject: SUSE-SU-2023:4065-1: important: Security update for opensc
Message-ID: <169711477534.26972.14796251471633250184@smelt2.prg2.suse.org>

# Security update for opensc

Announcement ID: SUSE-SU-2023:4065-1
Rating: important
References:

* #1191957
* #1215761

Cross-References:

* CVE-2021-42782
* CVE-2023-40661

CVSS scores:

* CVE-2021-42782 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-42782 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40661 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2021-42782: Fixed several stack buffer overflows (bsc#1191957).
* CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4065=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4065=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4065=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * opensc-0.13.0-3.25.1
  * opensc-debuginfo-0.13.0-3.25.1
  * opensc-debugsource-0.13.0-3.25.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * opensc-0.13.0-3.25.1
  * opensc-debuginfo-0.13.0-3.25.1
  * opensc-debugsource-0.13.0-3.25.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * opensc-0.13.0-3.25.1
  * opensc-debuginfo-0.13.0-3.25.1
  * opensc-debugsource-0.13.0-3.25.1

## References:

* https://www.suse.com/security/cve/CVE-2021-42782.html
* https://www.suse.com/security/cve/CVE-2023-40661.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191957
* https://bugzilla.suse.com/show_bug.cgi?id=1215761

From sle-updates at lists.suse.com Thu Oct 12 12:46:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 12:46:17 -0000
Subject: SUSE-SU-2023:4064-1: moderate: Security update for python-urllib3
Message-ID: <169711477725.26972.4538917655579415735@smelt2.prg2.suse.org>

# Security update for python-urllib3

Announcement ID: SUSE-SU-2023:4064-1
Rating: moderate
References:

* #1215968

Cross-References:

* CVE-2023-43804

CVSS scores:

* CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4064=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4064=1 * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4064=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * Public Cloud Module 12 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43804.html * https://bugzilla.suse.com/show_bug.cgi?id=1215968 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Oct 12 12:46:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2023 12:46:19 -0000 Subject: SUSE-RU-2023:4063-1: moderate: Recommended update for glibc Message-ID: <169711477932.26972.393392824934156184@smelt2.prg2.suse.org> # Recommended update for glibc Announcement ID: SUSE-RU-2023:4063-1 Rating: moderate References: * #1215286 * #1215504 * PED-4908 Cross-References: * CVE-2023-4813 CVSS scores: * CVE-2023-4813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4813 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability, contains one feature and has one fix can now be installed. ## Description: This update of glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other issues fixed: * S390: Fix relocation of _nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860) * added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4063=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4063=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4063=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4063=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * glibc-debuginfo-2.22-114.31.1 * glibc-debugsource-2.22-114.31.1 * glibc-devel-static-2.22-114.31.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * glibc-info-2.22-114.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * glibc-devel-2.22-114.31.1 * glibc-2.22-114.31.1 * glibc-profile-2.22-114.31.1 * glibc-locale-debuginfo-2.22-114.31.1 * glibc-debugsource-2.22-114.31.1 * glibc-devel-debuginfo-2.22-114.31.1 * nscd-2.22-114.31.1 * nscd-debuginfo-2.22-114.31.1 * glibc-debuginfo-2.22-114.31.1 * glibc-locale-2.22-114.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * glibc-html-2.22-114.31.1 * glibc-info-2.22-114.31.1 * glibc-i18ndata-2.22-114.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * glibc-32bit-2.22-114.31.1 * glibc-devel-32bit-2.22-114.31.1 * glibc-devel-debuginfo-32bit-2.22-114.31.1 * glibc-locale-32bit-2.22-114.31.1 * glibc-profile-32bit-2.22-114.31.1 * glibc-locale-debuginfo-32bit-2.22-114.31.1 * glibc-debuginfo-32bit-2.22-114.31.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * glibc-devel-2.22-114.31.1 * glibc-2.22-114.31.1 * glibc-profile-2.22-114.31.1 * glibc-locale-debuginfo-2.22-114.31.1 * glibc-debugsource-2.22-114.31.1 * glibc-devel-debuginfo-2.22-114.31.1 * nscd-2.22-114.31.1 * nscd-debuginfo-2.22-114.31.1 * glibc-debuginfo-2.22-114.31.1 * 
glibc-locale-2.22-114.31.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * glibc-html-2.22-114.31.1 * glibc-info-2.22-114.31.1 * glibc-i18ndata-2.22-114.31.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * glibc-32bit-2.22-114.31.1 * glibc-devel-32bit-2.22-114.31.1 * glibc-devel-debuginfo-32bit-2.22-114.31.1 * glibc-locale-32bit-2.22-114.31.1 * glibc-profile-32bit-2.22-114.31.1 * glibc-locale-debuginfo-32bit-2.22-114.31.1 * glibc-debuginfo-32bit-2.22-114.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * glibc-devel-2.22-114.31.1 * glibc-2.22-114.31.1 * glibc-profile-2.22-114.31.1 * glibc-locale-debuginfo-2.22-114.31.1 * glibc-debugsource-2.22-114.31.1 * glibc-devel-debuginfo-2.22-114.31.1 * nscd-2.22-114.31.1 * nscd-debuginfo-2.22-114.31.1 * glibc-debuginfo-2.22-114.31.1 * glibc-locale-2.22-114.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * glibc-html-2.22-114.31.1 * glibc-info-2.22-114.31.1 * glibc-i18ndata-2.22-114.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * glibc-32bit-2.22-114.31.1 * glibc-devel-32bit-2.22-114.31.1 * glibc-devel-debuginfo-32bit-2.22-114.31.1 * glibc-locale-32bit-2.22-114.31.1 * glibc-profile-32bit-2.22-114.31.1 * glibc-locale-debuginfo-32bit-2.22-114.31.1 * glibc-debuginfo-32bit-2.22-114.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4813.html * https://bugzilla.suse.com/show_bug.cgi?id=1215286 * https://bugzilla.suse.com/show_bug.cgi?id=1215504 * https://jira.suse.com/browse/PED-4908
From sle-updates at lists.suse.com Thu Oct 12 12:46:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2023 12:46:20 -0000 Subject: SUSE-SU-2023:4060-1: moderate: Security update for rage-encryption Message-ID: <169711478073.26972.14936407782796654575@smelt2.prg2.suse.org> # Security update for rage-encryption Announcement ID: SUSE-SU-2023:4060-1 Rating: moderate References: * #1215657 Cross-References: * CVE-2023-42811 CVSS scores: * CVE-2023-42811 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for rage-encryption fixes the following issues: * CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657) * update vendor.tar.zst to contain aes-gcm >= 0.10.3 * Update to version 0.9.2+0: * CI: Ensure `apt` repository is up-to-date before installing build deps * CI: Build Linux releases using `ubuntu-20.04` runner * CI: Remove most uses of `actions-rs` actions * Update to version 0.9.2+0: * Fix changelog bugs and add missing entry * Document `PINENTRY_PROGRAM` environment variable * age: Add `Decryptor::new_async_buffered` * age: `impl AsyncBufRead for ArmoredReader` * Pre-initialize vectors when the capacity is known, or use arrays * Use `PINENTRY_PROGRAM` as environment variable for `pinentry` * Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely * cargo update * cargo vet prune * Migrate to `cargo-vet 0.7` * build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1 * Correct spelling in documentation * build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4 *
StreamWriter AsyncWrite: fix usage with futures::io::copy() * rage: Use `Decryptor::new_buffered` * age: Add `Decryptor::new_buffered` * age: `impl BufRead for ArmoredReader` * Update Homebrew formula to v0.9.1 * feat/pinentry: Use env var to define pinentry binary * Update to version 0.9.1+0: * ssh: Fix parsing of OpenSSH private key format * ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys * ssh: Add `aes256-gcm@openssh.com` cipher to test cases * ssh: Extract common key material derivation logic for encrypted keys * ssh: Use associated constants for key and IV sizes * ssh: Add test cases for encrypted keys * Add shell completions for fish and zsh. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4060=1 openSUSE-SLE-15.5-2023-4060=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4060=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * rage-encryption-0.9.2+0-150500.3.3.1 * rage-encryption-debuginfo-0.9.2+0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * rage-encryption-zsh-completion-0.9.2+0-150500.3.3.1 * rage-encryption-bash-completion-0.9.2+0-150500.3.3.1 * rage-encryption-fish-completion-0.9.2+0-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * rage-encryption-0.9.2+0-150500.3.3.1 * rage-encryption-debuginfo-0.9.2+0-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * rage-encryption-bash-completion-0.9.2+0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42811.html * https://bugzilla.suse.com/show_bug.cgi?id=1215657
From sle-updates at lists.suse.com Thu Oct 12 12:46:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2023 12:46:23 -0000 Subject: SUSE-SU-2023:4059-1: important: Security update for samba Message-ID: <169711478345.26972.1908105423384962036@smelt2.prg2.suse.org> # Security update for samba Announcement ID: SUSE-SU-2023:4059-1 Rating: important References: * #1213940 * #1215904 * #1215905 * #1215908 Cross-References: * CVE-2023-4091 * CVE-2023-4154 * CVE-2023-42669 CVSS scores: * CVE-2023-4091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4154 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42669 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate a file with read-only permissions. (bsc#1215904) * CVE-2023-42669: Fixed a bug in the "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) * CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right.
(bsc#1215908) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4059=1 openSUSE-SLE-15.4-2023-4059=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4059=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4059=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4059=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4059=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4059=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4059=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * samba-ad-dc-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-tool-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-test-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150400.3.31.1 * ctdb-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * 
libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * ctdb-pcp-pmda-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * ctdb-pcp-pmda-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-test-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150400.3.31.1 * ctdb-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * openSUSE Leap 15.4 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * 
samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * openSUSE Leap 15.4 (noarch) * samba-doc-4.15.13+git.691.3d3cea0641-150400.3.31.1 * openSUSE Leap 15.4 (aarch64 x86_64) * samba-ceph-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-devel-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-64bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-64bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * 
samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-tool-4.15.13+git.691.3d3cea0641-150400.3.31.1 * 
samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150400.3.31.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * samba-ceph-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * Basesystem Module 15-SP4 (x86_64) * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * 
samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ctdb-4.15.13+git.691.3d3cea0641-150400.3.31.1 * ctdb-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150400.3.31.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150400.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4091.html * https://www.suse.com/security/cve/CVE-2023-4154.html * https://www.suse.com/security/cve/CVE-2023-42669.html * https://bugzilla.suse.com/show_bug.cgi?id=1213940 * https://bugzilla.suse.com/show_bug.cgi?id=1215904 * https://bugzilla.suse.com/show_bug.cgi?id=1215905 * https://bugzilla.suse.com/show_bug.cgi?id=1215908
From sle-updates at lists.suse.com Thu Oct 12 12:46:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Oct 2023 12:46:37 -0000 Subject: SUSE-SU-2023:4058-1: important: Security update for the Linux Kernel Message-ID: <169711479789.26972.9862371135929130950@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4058-1 Rating: important References: * #1065729 * #1152472 * #1187236 * #1201284 * #1202845 * #1206453 * #1208995 * #1210169 * #1210643 * #1210658 * #1212639 * #1212703 * #1213123 * #1213534 * #1213808 * #1214022 * #1214037 * #1214040 * #1214233 * #1214351 * #1214479 * #1214543 * #1214635 * #1214813 * #1214873 * #1214928 * #1214940 * #1214941 * #1214942 * #1214943 * #1214944 * #1214945 * #1214946 * #1214947 * #1214948 * #1214949 * #1214950 * #1214951 * #1214952 * #1214953 * #1214954 * #1214955 * #1214957 * #1214958 * #1214959 * #1214961 * #1214962 * #1214963 * #1214964 * #1214965 * #1214966 * #1214967 * #1214986 * #1214988 * #1214990 * #1214991 * #1214992 * #1214993 * #1214995 * #1214997 * #1214998 * #1215115 * #1215117 * #1215123 * #1215124 * #1215148 * #1215150 * #1215221 * #1215275 * #1215322 * #1215467 * #1215523 * #1215581 * #1215752 * #1215858 * #1215860 * #1215861 * #1215875 * #1215877 * #1215894 * #1215895 * #1215896 * #1215899 * #1215911 * #1215915 * #1215916 * #1215941 * #1215956 * #1215957 * PED-1549 * PED-2023 * PED-2025 Cross-References: * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-37453 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-40283 * CVE-2023-4155 * CVE-2023-42753 * CVE-2023-42754 * CVE-2023-4389 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 * CVE-2023-5345 CVSS scores: * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H *
CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-39192: Fixed an out of bounds read in netfilter (bsc#1215858). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation (bsc#1215899). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (bsc#1214022). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). * ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
* ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). * ASoC: rt5640: Fix sleep in atomic context (git-fixes). * ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). * Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). * Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). * Drop amdgpu patch causing spamming (bsc#1215523). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
* NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * PCI: Free released resource after coalescing (git-fixes). * RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) * Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes). * Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) * arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). * arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877) * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
* block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
* bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
* bpf: Clear the probe_addr for uprobe (git-fixes).
* btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
* clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
* drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
* drm/amd/display: Add smu write msg id fail retry process (git-fixes).
* drm/amd/display: Remove wait while locked (git-fixes).
* drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
* drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
* drm/amd/display: prevent potential division by zero errors (git-fixes).
* drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
* drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes:
  * rename ast_device to ast_private
* drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes:
  * rename ast_device to ast_private
  * context changes
* drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
* drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
* drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes).
* drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
* drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
* drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
* drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
* drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
* ext4: Remove ext4 locking of moved directory (bsc#1214957).
* ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
* ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
* ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
* ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
* ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
* ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
* ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
* ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
* fs: Establish locking order for unrelated directories (bsc#1214958).
* fs: Lock moved directories (bsc#1214959).
* fs: do not update freeing inode i_io_list (bsc#1214813).
* fs: lockd: avoid possible wrong NULL parameter (git-fixes).
* fs: no need to check source (bsc#1215752).
* fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
* fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
* gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
* gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
* gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
* gve: Changes to add new TX queues (bsc#1214479).
* gve: Control path for DQO-QPL (bsc#1214479).
* gve: Fix gve interrupt names (bsc#1214479).
* gve: RX path for DQO-QPL (bsc#1214479).
* gve: Tx path for DQO-QPL (bsc#1214479).
* gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
* gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
* gve: fix frag_list chaining (bsc#1214479).
* gve: trivial spell fix Recive to Receive (bsc#1214479).
* gve: use vmalloc_array and vcalloc (bsc#1214479).
* hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
* hwrng: virtio - add an internal buffer (git-fixes).
* hwrng: virtio - always add a pending request (git-fixes).
* hwrng: virtio - do not wait on cleanup (git-fixes).
* hwrng: virtio - do not waste entropy (git-fixes).
* i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
* i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
* i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
* idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
* iommu/virtio: Detach domain on endpoint release (git-fixes).
* iommu/virtio: Return size mapped for a detached domain (git-fixes).
* jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
* jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
* jbd2: correct the end of the journal recovery scan range (bsc#1214955).
* jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
* jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
* jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
* jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
* jbd2: remove t_checkpoint_io_list (bsc#1214946).
* jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
* kabi/severities: ignore mlx4 internal symbols
* s390/ipl: add support for List-Directed dump from ECKD DASD (jsc#PED-2023, jsc#PED-2025).
* kconfig: fix possible buffer overflow (git-fixes).
* kernel-binary: Move build-time definitions together. Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
* kernel-binary: python3 is needed for build. At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18. Other similar scripts may exist.
* kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
* loop: Fix use-after-free issues (bsc#1214991).
* loop: loop_set_status_from_info() check before assignment (bsc#1214990).
* mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
* mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
* mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
* mlx4: Delete custom device management logic (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
* mlx4: Move the bond work to the core driver (bsc#1187236).
* mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
* mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
* mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
* mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
* module: Expose module_init_layout_section() (git-fixes)
* net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
* net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
* net: mana: Add page pool for RX buffers (bsc#1214040).
* net: mana: Configure hwc timeout from hardware (bsc#1214037).
* net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
* net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
* nfs/blocklayout: Use the passed in gfp flags (git-fixes).
* nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
* nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
* ntb: Clean up tx tail index on link down (git-fixes).
* ntb: Drop packets when qp link is down (git-fixes).
* ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
* nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
* nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
* nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
* nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
* nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
* pNFS: Fix assignment of xprtdata.cred (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
* platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
* platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
* platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
* platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
* platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
* platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
* powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
* powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
* powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
* printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
* pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
* quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
* quota: add new helper dquot_active() (bsc#1214998).
* quota: factor out dquot_write_dquot() (bsc#1214995).
* quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
* quota: fix warning in dqgrab() (bsc#1214962).
* quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
* s390/dasd: fix hanging device after request requeue (git-fixes bsc#1215124).
* s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
* s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
* s390: add z16 elf platform (git-fixes bsc#1215956, bsc#1215957).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
* scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
* scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
* scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
* scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
* scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
* scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
* scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
* scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: Remove unused declarations (bsc#1214928).
* scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
* scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
* scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Handle additional SRB status values (git-fixes).
* scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
* selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
* selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
* spi: Add TPM HW flow flag (bsc#1213534)
* spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
* spi: tegra210-quad: set half duplex flag (bsc#1213534)
* tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
* tpm_tis_spi: Add hardware wait polling (bsc#1213534)
* tracing: Fix race issue between cpu buffer write and swap (git-fixes).
* tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
* tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
* uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
* udf: Fix extension of the last extent in the file (bsc#1214964).
* udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
* udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
* udf: Fix uninitialized array access for some pathnames (bsc#1214967).
* uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
* usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
* usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
* usb: typec: tcpci: clear the fault status bit (git-fixes).
* usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
* vhost-scsi: unbreak any layout for response (git-fixes).
* vhost: allow batching hint without size (git-fixes).
* vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
* vhost: handle error while adding split ranges to iotlb (git-fixes).
* vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
* virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
* virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
* virtio-net: fix race between set queues and probe (git-fixes).
* virtio-net: set queues after driver_ok (git-fixes).
* virtio-rng: make device ready before making request (git-fixes).
* virtio: acknowledge all features before access (git-fixes).
* virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
* virtio_net: add checking sq is full inside xdp xmit (git-fixes).
* virtio_net: reorder some funcs (git-fixes).
* virtio_net: separate the logic of checking whether sq is full (git-fixes).
* virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
* vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
* watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
* word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
* x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
* x86/alternative: Fix race in try_get_desc() (git-fixes).
* x86/boot/e820: Fix typo in e820.c comment (git-fixes).
* x86/bugs: Reset speculation control settings on init (git-fixes).
* x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
* x86/coco: Export cc_vendor (bsc#1206453).
* x86/cpu: Add Lunar Lake M (git-fixes).
* x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
* x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
* x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
* x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
* x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
* x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
* x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
* x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
* x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
* x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
* x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
* x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
* x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
* x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
* x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
* x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
* x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
* x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
* x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
* x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
* x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
* x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
* x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
* x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
* x86/mce: Retrieve poison range from hardware (git-fixes).
* x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
* x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
* x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
* x86/purgatory: remove PGO flags (git-fixes).
* x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
* x86/resctl: fix scheduler confusion with 'current' (git-fixes).
* x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
* x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
* x86/rtc: Remove __init for runtime functions (git-fixes).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
* x86/sgx: Reduce delay and interference of enclave release (git-fixes).
* x86/srso: Do not probe microcode in a guest (git-fixes).
* x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
* x86/srso: Fix srso_show_state() side effect (git-fixes).
* x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
* xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
* xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4058=1 SUSE-2023-4058=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4058=1

## Package List:

* openSUSE Leap 15.5 (aarch64 x86_64)
  * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-debugsource-5.14.21-150500.33.20.1
  * dlm-kmp-azure-5.14.21-150500.33.20.1
  * reiserfs-kmp-azure-5.14.21-150500.33.20.1
  * kernel-azure-devel-5.14.21-150500.33.20.1
  * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-extra-debuginfo-5.14.21-150500.33.20.1
  * ocfs2-kmp-azure-5.14.21-150500.33.20.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.20.1
  * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-livepatch-devel-5.14.21-150500.33.20.1
  * kselftests-kmp-azure-5.14.21-150500.33.20.1
  * gfs2-kmp-azure-5.14.21-150500.33.20.1
  * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * cluster-md-kmp-azure-5.14.21-150500.33.20.1
  * kernel-azure-optional-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-optional-5.14.21-150500.33.20.1
  * kernel-syms-azure-5.14.21-150500.33.20.1
  * dlm-kmp-azure-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-extra-5.14.21-150500.33.20.1
  * kernel-azure-debuginfo-5.14.21-150500.33.20.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.20.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-azure-vdso-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-vdso-5.14.21-150500.33.20.1
* openSUSE Leap 15.5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.20.1
  * kernel-devel-azure-5.14.21-150500.33.20.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.20.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
  * kernel-azure-debugsource-5.14.21-150500.33.20.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.20.1
  * kernel-azure-devel-5.14.21-150500.33.20.1
  * kernel-syms-azure-5.14.21-150500.33.20.1
  * kernel-azure-debuginfo-5.14.21-150500.33.20.1
* Public Cloud Module 15-SP5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.20.1
  * kernel-devel-azure-5.14.21-150500.33.20.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-2177.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4155.html
* https://www.suse.com/security/cve/CVE-2023-42753.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-4389.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1152472
* https://bugzilla.suse.com/show_bug.cgi?id=1187236
* https://bugzilla.suse.com/show_bug.cgi?id=1201284
* https://bugzilla.suse.com/show_bug.cgi?id=1202845
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1210169
* https://bugzilla.suse.com/show_bug.cgi?id=1210643
* https://bugzilla.suse.com/show_bug.cgi?id=1210658
* https://bugzilla.suse.com/show_bug.cgi?id=1212639
* https://bugzilla.suse.com/show_bug.cgi?id=1212703
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213534
* https://bugzilla.suse.com/show_bug.cgi?id=1213808
* https://bugzilla.suse.com/show_bug.cgi?id=1214022
* https://bugzilla.suse.com/show_bug.cgi?id=1214037
* https://bugzilla.suse.com/show_bug.cgi?id=1214040
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214351
* https://bugzilla.suse.com/show_bug.cgi?id=1214479
* https://bugzilla.suse.com/show_bug.cgi?id=1214543
* https://bugzilla.suse.com/show_bug.cgi?id=1214635
* https://bugzilla.suse.com/show_bug.cgi?id=1214813
* https://bugzilla.suse.com/show_bug.cgi?id=1214873
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1214940
* https://bugzilla.suse.com/show_bug.cgi?id=1214941
* https://bugzilla.suse.com/show_bug.cgi?id=1214942
* https://bugzilla.suse.com/show_bug.cgi?id=1214943
* https://bugzilla.suse.com/show_bug.cgi?id=1214944
* https://bugzilla.suse.com/show_bug.cgi?id=1214945
* https://bugzilla.suse.com/show_bug.cgi?id=1214946
* https://bugzilla.suse.com/show_bug.cgi?id=1214947
* https://bugzilla.suse.com/show_bug.cgi?id=1214948
* https://bugzilla.suse.com/show_bug.cgi?id=1214949
* https://bugzilla.suse.com/show_bug.cgi?id=1214950
* https://bugzilla.suse.com/show_bug.cgi?id=1214951
* https://bugzilla.suse.com/show_bug.cgi?id=1214952
* https://bugzilla.suse.com/show_bug.cgi?id=1214953
* https://bugzilla.suse.com/show_bug.cgi?id=1214954
* https://bugzilla.suse.com/show_bug.cgi?id=1214955
* https://bugzilla.suse.com/show_bug.cgi?id=1214957
* https://bugzilla.suse.com/show_bug.cgi?id=1214958
* https://bugzilla.suse.com/show_bug.cgi?id=1214959
* https://bugzilla.suse.com/show_bug.cgi?id=1214961
* https://bugzilla.suse.com/show_bug.cgi?id=1214962
* https://bugzilla.suse.com/show_bug.cgi?id=1214963
* https://bugzilla.suse.com/show_bug.cgi?id=1214964
* https://bugzilla.suse.com/show_bug.cgi?id=1214965
* https://bugzilla.suse.com/show_bug.cgi?id=1214966
* https://bugzilla.suse.com/show_bug.cgi?id=1214967
* https://bugzilla.suse.com/show_bug.cgi?id=1214986
* https://bugzilla.suse.com/show_bug.cgi?id=1214988
* https://bugzilla.suse.com/show_bug.cgi?id=1214990
* https://bugzilla.suse.com/show_bug.cgi?id=1214991
* https://bugzilla.suse.com/show_bug.cgi?id=1214992
* https://bugzilla.suse.com/show_bug.cgi?id=1214993
* https://bugzilla.suse.com/show_bug.cgi?id=1214995
* https://bugzilla.suse.com/show_bug.cgi?id=1214997
* https://bugzilla.suse.com/show_bug.cgi?id=1214998
* https://bugzilla.suse.com/show_bug.cgi?id=1215115
* https://bugzilla.suse.com/show_bug.cgi?id=1215117
* https://bugzilla.suse.com/show_bug.cgi?id=1215123
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215148
* https://bugzilla.suse.com/show_bug.cgi?id=1215150
* https://bugzilla.suse.com/show_bug.cgi?id=1215221
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215581
* https://bugzilla.suse.com/show_bug.cgi?id=1215752
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1215875
* https://bugzilla.suse.com/show_bug.cgi?id=1215877
* https://bugzilla.suse.com/show_bug.cgi?id=1215894
* https://bugzilla.suse.com/show_bug.cgi?id=1215895
* https://bugzilla.suse.com/show_bug.cgi?id=1215896
* https://bugzilla.suse.com/show_bug.cgi?id=1215899
* https://bugzilla.suse.com/show_bug.cgi?id=1215911
* https://bugzilla.suse.com/show_bug.cgi?id=1215915
* https://bugzilla.suse.com/show_bug.cgi?id=1215916
* https://bugzilla.suse.com/show_bug.cgi?id=1215941
* https://bugzilla.suse.com/show_bug.cgi?id=1215956
* https://bugzilla.suse.com/show_bug.cgi?id=1215957
* https://jira.suse.com/browse/PED-1549
* https://jira.suse.com/browse/PED-2023
* https://jira.suse.com/browse/PED-2025

From sle-updates at lists.suse.com Thu Oct 12 12:46:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 12:46:42 -0000
Subject: SUSE-SU-2023:4057-1: important: Security update for the Linux Kernel
Message-ID: <169711480288.26972.770728636170173806@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4057-1
Rating: important
References:

* #1202845
* #1213772
* #1213808
* #1214928
* #1214943
* #1214944
* #1214950
* #1214951
* #1214954
* #1214957
* #1214986
* #1214988
* #1214992
* #1214993
* #1215322
* #1215523
* #1215877
* #1215894
* #1215895
* #1215896
* #1215911
* #1215915
* #1215916

Cross-References:

* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-2177
* CVE-2023-37453
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-4155
* CVE-2023-42753
* CVE-2023-42754
* CVE-2023-4389
* CVE-2023-4563
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
* CVE-2023-5345

CVSS scores:

* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 18 vulnerabilities and has five
security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
* CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

* ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
* ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
* ARM: pxa: remove use of symbol_get() (git-fixes).
* arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git- fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git- fixes) * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). 
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). 
* gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). 
* KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git- fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). 
* net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git- fixes). * nfs/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git- fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git- fixes). 
* platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git- fixes). 
* scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git- fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: tracing: Fix to unmount tracefs for recovering environment (git- fixes). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). 
* tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). 
* virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git- fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git- fixes). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git- fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git- fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git- fixes). 
* x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4057=1 openSUSE-SLE-15.4-2023-4057=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4057=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * kernel-azure-optional-debuginfo-5.14.21-150400.14.69.1 * kernel-syms-azure-5.14.21-150400.14.69.1 * kernel-azure-debugsource-5.14.21-150400.14.69.1 * kernel-azure-optional-5.14.21-150400.14.69.1 * ocfs2-kmp-azure-5.14.21-150400.14.69.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-debuginfo-5.14.21-150400.14.69.1 * cluster-md-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.69.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * kselftests-kmp-azure-5.14.21-150400.14.69.1 * reiserfs-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.69.1 * kernel-azure-extra-5.14.21-150400.14.69.1 * dlm-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-devel-5.14.21-150400.14.69.1 * gfs2-kmp-azure-5.14.21-150400.14.69.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.69.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.69.1 * kernel-source-azure-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150400.14.69.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-devel-5.14.21-150400.14.69.1 * kernel-syms-azure-5.14.21-150400.14.69.1 * kernel-azure-debuginfo-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (noarch) * 
kernel-devel-azure-5.14.21-150400.14.69.1 * kernel-source-azure-5.14.21-150400.14.69.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * 
https://bugzilla.suse.com/show_bug.cgi?id=1215894
* https://bugzilla.suse.com/show_bug.cgi?id=1215895
* https://bugzilla.suse.com/show_bug.cgi?id=1215896
* https://bugzilla.suse.com/show_bug.cgi?id=1215911
* https://bugzilla.suse.com/show_bug.cgi?id=1215915
* https://bugzilla.suse.com/show_bug.cgi?id=1215916

From sle-updates at lists.suse.com Thu Oct 12 12:46:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 12:46:46 -0000
Subject: SUSE-SU-2023:4056-1: important: Security update for qemu
Message-ID: <169711480695.26972.16924788286375288082@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2023:4056-1
Rating: important

References:

* #1179993
* #1181740
* #1188609
* #1190011
* #1207205
* #1212850
* #1213663
* #1213925
* #1215311

Cross-References:

* CVE-2021-3638
* CVE-2021-3750
* CVE-2023-0330
* CVE-2023-3180
* CVE-2023-3354

CVSS scores:

* CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2021-3750 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2021-3750 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux
Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities and has four security fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925).
* CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011).
* CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609).
* CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850).
* CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205).

Non-security fixes:

* Fixed a potential build issue in the librm subcomponent (bsc#1215311).
* Fixed a potential crash during VM migration (bsc#1213663).
* Fixed potential issues during installation on a Xen host (bsc#1179993, bsc#1181740).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4056=1 openSUSE-SLE-15.4-2023-4056=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4056=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4056=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4056=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4056=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4056=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4056=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * qemu-block-nfs-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-ksm-6.2.0-150400.37.23.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-alsa-6.2.0-150400.37.23.1 * qemu-ivshmem-tools-6.2.0-150400.37.23.1 * qemu-ui-gtk-6.2.0-150400.37.23.1 * qemu-ppc-6.2.0-150400.37.23.1 * qemu-audio-oss-debuginfo-6.2.0-150400.37.23.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.23.1 * qemu-linux-user-6.2.0-150400.37.23.1 * qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.23.1 * qemu-block-iscsi-6.2.0-150400.37.23.1 * qemu-block-gluster-6.2.0-150400.37.23.1 * qemu-block-dmg-debuginfo-6.2.0-150400.37.23.1 * qemu-arm-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-pa-6.2.0-150400.37.23.1 * qemu-accel-qtest-6.2.0-150400.37.23.1 * 
qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.23.1 * qemu-s390x-6.2.0-150400.37.23.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.23.1 * qemu-vhost-user-gpu-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-ppc-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-block-ssh-6.2.0-150400.37.23.1 * qemu-linux-user-debuginfo-6.2.0-150400.37.23.1 * qemu-block-curl-6.2.0-150400.37.23.1 * qemu-extra-6.2.0-150400.37.23.1 * qemu-block-gluster-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-linux-user-debugsource-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-lang-6.2.0-150400.37.23.1 * qemu-audio-oss-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-baum-6.2.0-150400.37.23.1 * qemu-accel-qtest-debuginfo-6.2.0-150400.37.23.1 * qemu-extra-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-jack-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-block-nfs-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.23.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-ui-curses-6.2.0-150400.37.23.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-host-6.2.0-150400.37.23.1 * 
qemu-ui-spice-app-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.23.1 * qemu-hw-usb-smartcard-6.2.0-150400.37.23.1 * qemu-block-dmg-6.2.0-150400.37.23.1 * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-jack-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * openSUSE Leap 15.4 (s390x x86_64 i586) * qemu-kvm-6.2.0-150400.37.23.1 * openSUSE Leap 15.4 (noarch) * qemu-microvm-6.2.0-150400.37.23.1 * qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-skiboot-6.2.0-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-SLOF-6.2.0-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-6.2.0-150400.37.23.1 * qemu-block-rbd-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * 
qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64) * qemu-arm-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.23.1 * qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux 
Enterprise Micro 5.3 (aarch64) * qemu-arm-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.23.1 * qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64) * qemu-arm-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * 
qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.23.1 * qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64) * qemu-arm-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.23.1 * 
qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-tools-debuginfo-6.2.0-150400.37.23.1 * qemu-tools-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-ksm-6.2.0-150400.37.23.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.23.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.23.1 * qemu-block-iscsi-6.2.0-150400.37.23.1 * qemu-block-rbd-6.2.0-150400.37.23.1 * qemu-debugsource-6.2.0-150400.37.23.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.23.1 * qemu-guest-agent-6.2.0-150400.37.23.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.23.1 * qemu-block-ssh-6.2.0-150400.37.23.1 * qemu-block-curl-6.2.0-150400.37.23.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.23.1 * qemu-debuginfo-6.2.0-150400.37.23.1 * qemu-lang-6.2.0-150400.37.23.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.23.1 * qemu-chardev-baum-6.2.0-150400.37.23.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.23.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-curses-6.2.0-150400.37.23.1 * qemu-hw-usb-host-6.2.0-150400.37.23.1 * qemu-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (aarch64) * qemu-arm-6.2.0-150400.37.23.1 * qemu-arm-debuginfo-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (aarch64 ppc64le x86_64) * qemu-hw-usb-redirect-6.2.0-150400.37.23.1 * qemu-chardev-spice-6.2.0-150400.37.23.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-app-6.2.0-150400.37.23.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.23.1 * 
qemu-ui-gtk-6.2.0-150400.37.23.1 * qemu-ui-opengl-6.2.0-150400.37.23.1 * qemu-audio-spice-6.2.0-150400.37.23.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-spice-core-6.2.0-150400.37.23.1 * qemu-hw-display-qxl-6.2.0-150400.37.23.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.23.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.23.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (noarch) * qemu-ipxe-1.0.0+-150400.37.23.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-skiboot-6.2.0-150400.37.23.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.23.1 * qemu-SLOF-6.2.0-150400.37.23.1 * qemu-sgabios-8-150400.37.23.1 * Server Applications Module 15-SP4 (ppc64le) * qemu-ppc-6.2.0-150400.37.23.1 * qemu-ppc-debuginfo-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (s390x x86_64) * qemu-hw-display-virtio-gpu-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.23.1 * qemu-kvm-6.2.0-150400.37.23.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.23.1 * qemu-s390x-debuginfo-6.2.0-150400.37.23.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.23.1 * qemu-s390x-6.2.0-150400.37.23.1 * Server Applications Module 15-SP4 (x86_64) * qemu-audio-pa-debuginfo-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-6.2.0-150400.37.23.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-audio-pa-6.2.0-150400.37.23.1 * qemu-audio-alsa-6.2.0-150400.37.23.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-debuginfo-6.2.0-150400.37.23.1 * qemu-x86-6.2.0-150400.37.23.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3638.html * https://www.suse.com/security/cve/CVE-2021-3750.html * https://www.suse.com/security/cve/CVE-2023-0330.html * 
https://www.suse.com/security/cve/CVE-2023-3180.html
* https://www.suse.com/security/cve/CVE-2023-3354.html
* https://bugzilla.suse.com/show_bug.cgi?id=1179993
* https://bugzilla.suse.com/show_bug.cgi?id=1181740
* https://bugzilla.suse.com/show_bug.cgi?id=1188609
* https://bugzilla.suse.com/show_bug.cgi?id=1190011
* https://bugzilla.suse.com/show_bug.cgi?id=1207205
* https://bugzilla.suse.com/show_bug.cgi?id=1212850
* https://bugzilla.suse.com/show_bug.cgi?id=1213663
* https://bugzilla.suse.com/show_bug.cgi?id=1213925
* https://bugzilla.suse.com/show_bug.cgi?id=1215311

From sle-updates at lists.suse.com Thu Oct 12 14:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 16:30:09 +0200 (CEST)
Subject: SUSE-CU-2023:3374-1: Security update of suse/registry
Message-ID: <20231012143009.03444FBA4@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3374-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-15.3 , suse/registry:latest
Container Release : 15.3
Severity : low
Type : security
References : 1214806 CVE-2023-4641
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

The following package changes have been done:

- login_defs-4.8.1-150400.10.12.1 updated
- shadow-4.8.1-150400.10.12.1 updated

From sle-updates at lists.suse.com Thu Oct 12 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 16:30:03 -0000
Subject: SUSE-RU-2023:4066-1: moderate: Recommended update for libssh2_org
Message-ID: <169712820345.12046.12378278343489098856@smelt2.prg2.suse.org>

# Recommended update for libssh2_org

Announcement ID: SUSE-RU-2023:4066-1
Rating: moderate
References:

* PED-5721
* SLE-16922

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that contains two features can now be installed.

## Description:

This update for libssh2_org fixes the following issues:

libssh2_org was upgraded to version 1.11.0 in SUSE Linux Enterprise Server 12 SP5 (jsc#PED-5721)

Version update to 1.11.0:

* Enhancements and bugfixes:
  * Adds support for encrypt-then-mac (ETM) MACs
  * Adds support for AES-GCM crypto protocols
  * Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
  * Adds support for RSA certificate authentication
  * Adds FIDO support with *_sk() functions
  * Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
  * Adds Agent Forwarding and libssh2_agent_sign()
  * Adds support for Channel Signal message libssh2_channel_signal_ex()
  * Adds support to get the user auth banner message libssh2_userauth_banner()
  * Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
  * Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
  * Adds wolfSSL support to CMake file
  * Adds mbedTLS 3.x support
  * Adds LibreSSL 3.5 support
  * Adds support for CMake "unity" builds
  * Adds CMake support for building shared and static libs in a single pass
  * Adds symbol hiding support to CMake
  * Adds support for libssh2.rc for all build tools
  * Adds .zip, .tar.xz and .tar.bz2 release tarballs
  * Enables ed25519 key support for LibreSSL 3.7.0 or higher
  * Improves OpenSSL 1.1 and 3 compatibility
  * Now requires OpenSSL 1.0.2 or newer
  * Now requires CMake 3.1 or newer
  * SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
  * SFTP: No longer has a packet limit when reading a directory
  * SFTP: now parses attribute extensions if they exist
  * SFTP: no longer will busy loop if SFTP fails to initialize
  * SFTP: now clear various errors as expected
  * SFTP: no longer skips files if the line buffer is too small
  * SCP: add option to not quote paths
  * SCP: Enables 64-bit offset support unconditionally
  * Now skips leading \r and \n characters in banner_receive()
  * Enables secure memory zeroing with all build tools on all platforms
  * No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
  * Speed up base64 encoding by 7x
  * Assert if there is an attempt to write a value that is too large
  * WinCNG: fix memory leak in _libssh2_dh_secret()
  * Added protection against possible null pointer dereferences
  * Agent now handles overly large comment lengths
  * Now ensure KEX replies don't include extra bytes
  * Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
  * Fixed possible buffer overflow in keyboard interactive code path
  * Fixed overlapping memcpy()
  * Fixed DLL import name
  * Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
  * Support for building with gcc versions older than 8
  * Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
  * Restores ANSI C89 compliance
  * Enabled new compiler warnings and fixed/silenced them
  * Improved error messages
  * Now uses CIFuzz
  * Numerous minor code improvements
  * Improvements to CI builds
  * Improvements to unit tests
  * Improvements to doc files
  * Improvements to example files
  * Removed "old gex" build option
  * Removed no-encryption/no-mac builds
  * Removed support for NetWare and Watcom wmake build files

Version update to 1.10.0:

* Enhancements and bugfixes:
  * support ECDSA certificate authentication
  * fix detailed _libssh2_error being overwritten by generic errors
  * unified error handling
  * fix _libssh2_random() silently discarding errors
  * don't error if using keys without RSA
  * avoid OpenSSL latent error in FIPS mode
  * fix EVP_Cipher interface change in openssl 3
  * fix potential overwrite of buffer when reading stdout of command
  * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
  * correct a typo which may lead to stack overflow
  * fix random big number generation to match openssl
  * added key exchange group16-sha512 and group18-sha512.
  * add support for an OSS Fuzzer fuzzing target
  * adds support for ECDSA for both key exchange and host key algorithms
  * clean up curve25519 code
  * update the min, preferred and max DH group values based on RFC 8270.
  * changed type of LIBSSH2_FX_* constants to unsigned long
  * added diffie-hellman-group14-sha256 kex
  * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
  * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
  * fixes crash with delayed compression option using Bitvise server.
  * adds support for PKIX key reading
  * use new API to parse data in packet_x11_open() for better bounds checking.
  * double the static buffer size when reading and writing known hosts
  * improved bounds checking in packet_queue_listener
  * improve message parsing (CVE-2019-17498)
  * improve bounds checking in kex_agree_methods()
  * adding SSH agent forwarding.
  * fix agent forwarding message, updated example.
  * added integration test code and cmake target. Added example to cmake list.
  * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
  * add an EWOULDBLOCK check for better portability
  * fix off by one error when loading public keys with no id
  * fix use-after-free crash on reinitialization of openssl backend
  * preserve error info from agent_list_identities()
  * make sure the error code is set in _libssh2_channel_open()
  * fixed misspellings
  * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
  * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type

Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922]

* Enhancements and bugfixes:
  * adds ECDSA keys and host key support when using OpenSSL
  * adds ED25519 key and host key support when using OpenSSL 1.1.1
  * adds OpenSSH style key file reading
  * adds AES CTR mode support when using WinCNG
  * adds PEM passphrase protected file support for Libgcrypt and WinCNG
  * adds SHA256 hostkey fingerprint
  * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
  * adds explicit zeroing of sensitive data in memory
  * adds additional bounds checks to network buffer reads
  * adds the ability to use the server default permissions when creating sftp directories
  * adds support for building with OpenSSL no engine flag
  * adds support for building with LibreSSL
  * increased sftp packet size to 256k
  * fixed oversized packet handling in sftp
  * fixed building with OpenSSL 1.1
  * fixed a possible crash if sftp stat gets an unexpected response
  * fixed incorrect parsing of the KEX preference string value
  * fixed conditional RSA and AES-CTR support
  * fixed a small memory leak during the key exchange process
  * fixed a possible memory leak of the ssh banner string
  * fixed various small memory leaks in the backends
  * fixed possible out of bounds read when parsing public keys from the server
  * fixed possible out of bounds read when parsing invalid PEM files
  * no longer null terminates the scp remote exec command
  * now handle errors when diffie hellman key pair generation fails
  * improved building instructions
  * improved unit tests

Version update to 1.8.2: [bsc#1130103]

Bug fixes:

* Fixed the misapplied userauth patch that broke 1.8.1
* moved the MAX size declarations from the public header

Update to 1.7.0

* Changes:
  * libssh2_session_set_last_error: Add function
  * mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
  * kex: Added diffie-hellman-group-exchange-sha256 support
  * many bugfixes

Update to 1.6.0

* Changes:
  * Added libssh2_userauth_publickey_frommemory()
* Bug fixes:
  * wait_socket: wrong use of difftime()
  * userauth: Fixed prompt text no longer being copied to the prompts struct
  * mingw build: allow to pass custom CFLAGS
  * Let mansyntax.sh work regardless of where it is called from Init HMAC_CTX before using it
  * direct_tcpip: Fixed channel write
  * WinCNG: fixed backend breakage
  * OpenSSL: caused by introducing libssh2_hmac_ctx_init
  * userauth.c: fix possible dereferences of a null pointer
  * wincng: Added explicit clear memory feature to WinCNG backend
  * openssl.c: fix possible segfault in case EVP_DigestInit fails
  * wincng: fix return code of libssh2_md5_init()
  * kex: do not ignore failure of libssh2_sha1_init()
  * scp: fix that scp_send may transmit not initialised memory
  * scp.c: improved command length calculation
  * nonblocking examples: fix warning about unused tvdiff on Mac OS X
  * configure: make clear-memory default but WARN if backend unsupported
  * OpenSSL: Enable use of OpenSSL that doesn't have DSA
  * OpenSSL: Use correct no-blowfish #define
  * kex: fix libgcrypt memory leaks of bignum
  * libssh2_channel_open: more detailed error message
  * wincng: fixed memleak in (block) cipher destructor

Update to 1.5.0:

* Changes:
  * Added Windows Cryptography API: Next Generation based backend
* Bug fixes:
  * Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
  * missing _libssh2_error in _libssh2_channel_write
  * knownhost: Fix DSS keys being detected as unknown.
  * knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
  * libssh2.h: on Windows, a socket is of type SOCKET, not int
  * libssh2_priv.h: a 1 bit bit-field should be unsigned
  * Fixed two potential use-after-frees of the payload buffer
  * Fixed a few memory leaks in error paths
  * userauth: Fixed an attempt to free from stack on error
  * agent_list_identities: Fixed memory leak on OOM
  * knownhosts: Abort if the hosts buffer is too small
  * sftp_close_handle: ensure the handle is always closed
  * channel_close: Close the channel even in the case of errors
  * docs: added missing libssh2_session_handshake.3 file
  * docs: fixed a bunch of typos
  * userauth_password: pass on the underlying error code
  * _libssh2_channel_forward_cancel: accessed struct after free
  * _libssh2_packet_add: avoid using uninitialized memory
  * _libssh2_channel_forward_cancel: avoid memory leaks on error
  * _libssh2_channel_write: client spins on write when window full
  * publickey_packet_receive: avoid junk in returned pointers
  * channel_receive_window_adjust: store windows size always
  * userauth_hostbased_fromfile: zero assign to avoid uninitialized use
  * agent_connect_unix: make sure there's a trailing zero
  * MinGW build: Fixed redefine warnings.
  * sftpdir.c: added authentication method detection.
  * Watcom build: added support for WinCNG build.
  * configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
  * sftp_statvfs: fix for servers not supporting statvfs extension
  * knownhost.c: use LIBSSH2_FREE macro instead of free
  * Fixed compilation using mingw-w64
  * knownhost.c: fixed that 'key_type_len' may be used uninitialized
  * configure: Display individual crypto backends on separate lines
  * agent.c: check return code of MapViewOfFile
  * kex.c: fix possible NULL pointer de-reference with session->kex
  * packet.c: fix possible NULL pointer de-reference within listen_state
  * userauth.c: improve readability and clarity of for-loops
  * packet.c: i < 256 was always true and i would overflow to 0
  * kex.c: make sure mlist is not set to NULL
  * session.c: check return value of session_nonblock in debug mode
  * session.c: check return value of session_nonblock during startup
  * userauth.c: make sure that sp_len is positive and avoid overflows
  * knownhost.c: fix use of uninitialized argument variable wrote
  * openssl: initialise the digest context before calling EVP_DigestInit()
  * libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
  * configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
  * configure.ac: Rework crypto library detection
  * configure.ac: Reorder --with-* options in --help output
  * configure.ac: Call zlib zlib and not libz in text but keep option names
  * Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
  * sftp: seek: Don't flush buffers on same offset
  * sftp: statvfs: Along error path, reset the correct 'state' variable.
  * sftp: Add support for fsync (OpenSSH extension).
  * _libssh2_channel_read: fix data drop when out of window
  * comp_method_zlib_decomp: Improve buffer growing algorithm
  * _libssh2_channel_read: Honour window_size_initial
  * window_size: redid window handling for flow control reasons
  * knownhosts: handle unknown key types

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4066=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4066=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4066=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4066=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.11.0-29.6.1
  * libssh2-devel-1.11.0-29.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libssh2-1-debuginfo-1.11.0-29.6.1
  * libssh2_org-debugsource-1.11.0-29.6.1
  * libssh2-1-1.11.0-29.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libssh2-1-32bit-1.11.0-29.6.1
  * libssh2-1-debuginfo-32bit-1.11.0-29.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libssh2-1-debuginfo-1.11.0-29.6.1
  * libssh2_org-debugsource-1.11.0-29.6.1
  * libssh2-1-1.11.0-29.6.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libssh2-1-32bit-1.11.0-29.6.1
  * libssh2-1-debuginfo-32bit-1.11.0-29.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libssh2-1-debuginfo-1.11.0-29.6.1
  * libssh2_org-debugsource-1.11.0-29.6.1
  * libssh2-1-1.11.0-29.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libssh2-1-32bit-1.11.0-29.6.1
  * libssh2-1-debuginfo-32bit-1.11.0-29.6.1

## References:

* https://jira.suse.com/browse/PED-5721
* https://jira.suse.com/browse/SLE-16922

From sle-updates at lists.suse.com Thu Oct 12 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Oct 2023 20:30:02 -0000
Subject: SUSE-RU-2023:4067-1: moderate: Recommended update for rust, rust1.73
Message-ID: <169714260275.3251.7889022244765616073@smelt2.prg2.suse.org>

# Recommended update for rust, rust1.73

Announcement ID: SUSE-RU-2023:4067-1
Rating: moderate
References:
Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for rust, rust1.73 fixes the following issues:

Changes in rust1.73:

# Version 1.73.0 (2023-10-05)

## Language

* Uplift clippy::fn_null_check lint as useless_ptr_null_checks.
* Make noop_method_call warn by default.
* Support interpolated block for try and async in macros.
* Make unconditional_recursion lint detect recursive drops.
* Future compatibility warning for some impls being incorrectly considered not overlapping.
* The invalid_reference_casting lint is now **deny-by-default** (instead of allow-by-default)

## Compiler

* Write version information in a .comment section like GCC/Clang.
* Add documentation on v0 symbol mangling.
* Stabilize extern "thiscall" and "thiscall-unwind" ABIs.
* Only check outlives goals on impl compared to trait.
* Infer type in irrefutable slice patterns with fixed length as array.
* Discard default auto trait impls if explicit ones exist.
* Add several new tier 3 targets:
  * aarch64-unknown-teeos
  * csky-unknown-linux-gnuabiv2
  * riscv64-linux-android
  * riscv64gc-unknown-hermit
  * x86_64-unikraft-linux-musl
  * x86_64-unknown-linux-ohos
* Add wasm32-wasi-preview1-threads as a tier 2 target.

Refer to Rust's platform support page for more information on Rust's tiered platform support.

## Libraries

* Add Read, Write and Seek impls for Arc.
* Merge functionality of io::Sink into io::Empty.
* Implement RefUnwindSafe for Backtrace
* Make ExitStatus implement Default
* impl SliceIndex for (Bound, Bound)
* Change default panic handler message format.
* Cleaner assert_eq! & assert_ne! panic messages.
* Correct the (deprecated) Android stat struct definitions.

## Stabilized APIs

* Unsigned {integer}::div_ceil https://doc.rust-lang.org/stable/std/primitive.u32.html#method.div_ceil
* Unsigned {integer}::next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.next_multiple_of
* Unsigned {integer}::checked_next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.checked_next_multiple_of
* std::ffi::FromBytesUntilNulError https://doc.rust-lang.org/stable/std/ffi/struct.FromBytesUntilNulError.html
* std::os::unix::fs::chown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.chown.html
* std::os::unix::fs::fchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.fchown.html
* std::os::unix::fs::lchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.lchown.html
* LocalKey::>::get https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.get
* LocalKey::>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set
* LocalKey::>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take
* LocalKey::>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace
* LocalKey::>::with_borrow https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow
* LocalKey::>::with_borrow_mut https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow_mut
* LocalKey::>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set-1
* LocalKey::>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take-1
* LocalKey::>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace-1

These APIs are now stable in const contexts:

* rc::Weak::new https://doc.rust-lang.org/stable/alloc/rc/struct.Weak.html#method.new
* sync::Weak::new https://doc.rust-lang.org/stable/alloc/sync/struct.Weak.html#method.new
* NonNull::as_ref https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.as_ref

## Cargo

* Encode URL params correctly for SourceId in Cargo.lock.
* Bail out an error when using cargo:: in custom build script.

## Compatibility Notes

* Update the minimum external LLVM to 15.
* Check for non-defining uses of return position impl Trait.

Changes in rust:

* Update to version 1.73.0 - for details see the rust1.73 package

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4067=1 openSUSE-SLE-15.4-2023-4067=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4067=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4067=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4067=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * rust1.73-debuginfo-1.73.0-150400.9.3.1
  * cargo1.73-1.73.0-150400.9.3.1
  * cargo-1.73.0-150400.24.27.1
  * cargo1.73-debuginfo-1.73.0-150400.9.3.1
  * rust-1.73.0-150400.24.27.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc)
  * rust1.73-1.73.0-150400.9.3.1
* openSUSE Leap 15.4 (nosrc)
  * rust1.73-test-1.73.0-150400.9.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * rust1.73-debuginfo-1.73.0-150400.9.3.1
  * cargo1.73-1.73.0-150400.9.3.1
  * cargo-1.73.0-150400.24.27.1
  * cargo1.73-debuginfo-1.73.0-150400.9.3.1
  * rust-1.73.0-150400.24.27.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.73-1.73.0-150400.9.3.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * rust1.73-debuginfo-1.73.0-150400.9.3.1
  * cargo1.73-1.73.0-150400.9.3.1
  * cargo-1.73.0-150400.24.27.1
  * cargo1.73-debuginfo-1.73.0-150400.9.3.1
  * rust-1.73.0-150400.24.27.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.73-1.73.0-150400.9.3.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * rust1.73-debuginfo-1.73.0-150400.9.3.1
  * cargo1.73-1.73.0-150400.9.3.1
  * cargo-1.73.0-150400.24.27.1
  * cargo1.73-debuginfo-1.73.0-150400.9.3.1
  * rust-1.73.0-150400.24.27.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.73-1.73.0-150400.9.3.1

From sle-updates at lists.suse.com Fri Oct 13 07:03:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 13 Oct 2023 09:03:17 +0200 (CEST)
Subject: SUSE-CU-2023:3377-1: Security update of suse/389-ds
Message-ID: <20231013070317.EE7F9F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3377-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.10 , suse/389-ds:latest
Container Release : 16.10
Severity : important
Type : security
References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:25 +0200 (CEST) Subject: SUSE-CU-2023:3378-1: Security update of bci/golang Message-ID: <20231013070325.9FCBBF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3378-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.12 , bci/golang:oldstable , bci/golang:oldstable-2.4.12 Container Release : 4.12 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:28 +0200 (CEST) Subject: SUSE-CU-2023:3379-1: Security update of bci/golang Message-ID: <20231013070328.5A41AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3379-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.10 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.10 Container Release : 7.10 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:30 +0200 (CEST) Subject: SUSE-CU-2023:3380-1: Security update of bci/golang Message-ID: <20231013070330.C9FACF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3380-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.9 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.9 Container Release : 7.9 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:39 +0200 (CEST) Subject: SUSE-CU-2023:3381-1: Security update of bci/bci-init Message-ID: <20231013070339.A08D5F417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3381-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.10 , bci/bci-init:latest Container Release : 10.10 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:47 +0200 (CEST) Subject: SUSE-CU-2023:3382-1: Security update of bci/nodejs Message-ID: <20231013070347.5F1D9F417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3382-1 Container Tags : bci/node:18 , bci/node:18-11.10 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.10 , bci/nodejs:latest Container Release : 11.10 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:03:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:03:54 +0200 (CEST) Subject: SUSE-CU-2023:3383-1: Security update of bci/openjdk Message-ID: <20231013070354.E89A1F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3383-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.10 Container Release : 11.10 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:05 +0200 (CEST) Subject: SUSE-CU-2023:3384-1: Security update of bci/openjdk-devel Message-ID: <20231013070405.5FA31F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3384-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.19 , bci/openjdk-devel:latest Container Release : 12.19 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:bci-openjdk-17-15.5.17-12.10 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:14 +0200 (CEST) Subject: SUSE-CU-2023:3385-1: Security update of bci/openjdk Message-ID: <20231013070414.2C7D0F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3385-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.10 , bci/openjdk:latest Container Release : 12.10 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:23 +0200 (CEST) Subject: SUSE-CU-2023:3386-1: Security update of suse/pcp Message-ID: <20231013070423.B6FFEF417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3386-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.20 , suse/pcp:5.2 , suse/pcp:5.2-15.20 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.20 , suse/pcp:latest Container Release : 15.20 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:bci-bci-init-15.5-15.5-10.10 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:31 +0200 (CEST) Subject: SUSE-CU-2023:3387-1: Security update of bci/php-apache Message-ID: <20231013070431.3F20EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3387-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.9 Container Release : 8.9 Severity : important Type : security References : 1214806 1215859 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-43655 CVE-2023-4641 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4041-1 Released: Tue Oct 10 18:28:16 2023 Summary: Security update for php-composer2 Type: security Severity: moderate References: 1215859,CVE-2023-43655 This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - php-composer2-2.2.3-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:38 +0200 (CEST) Subject: SUSE-CU-2023:3388-1: Security update of bci/php-fpm Message-ID: <20231013070438.EFAB4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3388-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.10 Container Release : 8.10 Severity : important Type : security References : 1214806 1215859 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-43655 CVE-2023-4641 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4041-1 Released: Tue Oct 10 18:28:16 2023 Summary: Security update for php-composer2 Type: security Severity: moderate References: 1215859,CVE-2023-43655 This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - php-composer2-2.2.3-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:46 +0200 (CEST) Subject: SUSE-CU-2023:3389-1: Security update of bci/php Message-ID: <20231013070446.38B0EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3389-1 Container Tags : bci/php:8 , bci/php:8-8.8 Container Release : 8.8 Severity : important Type : security References : 1214806 1215713 1215859 1215888 1215889 CVE-2023-35945 CVE-2023-38545 CVE-2023-38546 CVE-2023-43655 CVE-2023-4641 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4041-1 Released: Tue Oct 10 18:28:16 2023 Summary: Security update for php-composer2 Type: security Severity: moderate References: 1215859,CVE-2023-43655 This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - libnghttp2-14-1.40.0-150200.9.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - php-composer2-2.2.3-150400.3.6.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:53 +0200 (CEST) Subject: SUSE-CU-2023:3390-1: Security update of suse/postgres Message-ID: <20231013070453.A98F6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3390-1 Container Tags : suse/postgres:15 , suse/postgres:15-11.9 , suse/postgres:15.4 , suse/postgres:15.4-11.9 , suse/postgres:latest Container Release : 11.9 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The 
container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:04:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:04:56 +0200 (CEST) Subject: SUSE-CU-2023:3391-1: Security update of suse/rmt-server Message-ID: <20231013070456.0E95CF417@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3391-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.8 , suse/rmt-server:latest Container Release : 11.8 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 07:05:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 09:05:05 +0200 (CEST) Subject: SUSE-CU-2023:3392-1: Security update of bci/rust Message-ID: <20231013070505.3FDD5F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3392-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-2.4.8 , bci/rust:oldstable , bci/rust:oldstable-2.4.8 Container Release : 4.8 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 12:23:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:23:20 +0200 (CEST) Subject: SUSE-CU-2023:3393-1: Security update of suse/sle15 Message-ID: <20231013122320.29D33F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3393-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.194 , suse/sle15:15.3 , suse/sle15:15.3.17.20.194 Container Release : 17.20.194 Severity : moderate Type : security References : 1214806 1215889 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). The following package changes have been done: - curl-7.66.0-150200.4.60.1 updated - libcurl4-7.66.0-150200.4.60.1 updated - login_defs-4.8.1-150300.4.12.1 updated - shadow-4.8.1-150300.4.12.1 updated From sle-updates at lists.suse.com Fri Oct 13 12:24:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:24:10 +0200 (CEST) Subject: SUSE-CU-2023:3395-1: Security update of suse/sle15 Message-ID: <20231013122410.5E1E1F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3395-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.106 , suse/sle15:15.4 , suse/sle15:15.4.27.14.106 Container Release : 27.14.106 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - curl-8.0.1-150400.5.32.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - login_defs-4.8.1-150400.10.12.1 updated - shadow-4.8.1-150400.10.12.1 updated From sle-updates at lists.suse.com Fri Oct 13 12:24:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:24:14 +0200 (CEST) Subject: SUSE-CU-2023:3396-1: Security update of suse/git Message-ID: <20231013122414.9E205F417@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3396-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.3 , suse/git:latest Container Release : 4.3 Severity : important Type : security References : 1215888 1215889 CVE-2023-38545 CVE-2023-38546 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - libcurl4-8.0.1-150400.5.32.1 updated From sle-updates at lists.suse.com Fri Oct 13 12:24:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:24:27 +0200 (CEST) Subject: SUSE-CU-2023:3397-1: Security update of bci/golang Message-ID: <20231013122427.4B31EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3397-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.11 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.11 Container Release : 4.11 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Fri Oct 13 12:24:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:24:43 +0200 (CEST) Subject: SUSE-CU-2023:3398-1: Security update of bci/openjdk-devel Message-ID: <20231013122443.2FAF8F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3398-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.21 Container Release : 10.21 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:bci-openjdk-11-15.5.11-11.10 updated From sle-updates at lists.suse.com Fri Oct 13 12:24:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:24:54 +0200 (CEST) Subject: SUSE-CU-2023:3399-1: Security update of bci/python Message-ID: <20231013122454.97FFDF417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3399-1 Container Tags : bci/python:3 , bci/python:3-12.4 , bci/python:3.11 , bci/python:3.11-12.4 , bci/python:latest Container Release : 12.4 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - curl-8.0.1-150400.5.32.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 12:25:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:25:08 +0200 (CEST) Subject: SUSE-CU-2023:3400-1: Security update of bci/python Message-ID: <20231013122508.20296F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3400-1 Container Tags : bci/python:3 , bci/python:3-14.4 , bci/python:3.6 , bci/python:3.6-14.4 Container Release : 14.4 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - curl-8.0.1-150400.5.32.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 12:25:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:25:18 +0200 (CEST) Subject: SUSE-CU-2023:3401-1: Security update of bci/ruby Message-ID: <20231013122518.A0609F417@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3401-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.8 , bci/ruby:2.5 , bci/ruby:2.5-12.8 , bci/ruby:latest Container Release : 12.8 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - curl-8.0.1-150400.5.32.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 12:25:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:25:31 +0200 (CEST) Subject: SUSE-CU-2023:3402-1: Security update of bci/rust Message-ID: <20231013122531.0AF21F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3402-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-1.4.9 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.9 Container Release : 4.9 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.41 updated From sle-updates at lists.suse.com Fri Oct 13 12:25:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 14:25:41 +0200 (CEST) Subject: SUSE-CU-2023:3403-1: Security update of suse/sle15 Message-ID: <20231013122541.18C0DF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3403-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.42 , suse/sle15:15.5 , suse/sle15:15.5.36.5.42 Container Release : 36.5.42 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) The following package changes have been done: - curl-8.0.1-150400.5.32.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - login_defs-4.8.1-150400.10.12.1 updated - shadow-4.8.1-150400.10.12.1 updated From sle-updates at lists.suse.com Fri Oct 13 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 12:30:04 -0000 Subject: SUSE-RU-2023:4074-1: important: Recommended update for tboot Message-ID: <169720020433.14502.2207141906496098580@smelt2.prg2.suse.org> # Recommended update for tboot Announcement ID: SUSE-RU-2023:4074-1 Rating: important References: * #1207833 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for tboot fixes the following issues: * Changes in the SLE-12-SP5 compiler toolchain seem to have broken the build. This upstream patch fixes a linker error in this context. * Correctly move MBI from a lower address above tboot (bsc#1207833). This fixes a broken boot situation in some configurations stopping with log line "TBOOT: loader context was moved from 0x
to 0x
".

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4074=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4074=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4074=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * tboot-20190704_1.9.10-3.12.5
  * tboot-debuginfo-20190704_1.9.10-3.12.5
  * tboot-debugsource-20190704_1.9.10-3.12.5
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * tboot-20190704_1.9.10-3.12.5
  * tboot-debuginfo-20190704_1.9.10-3.12.5
  * tboot-debugsource-20190704_1.9.10-3.12.5
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * tboot-20190704_1.9.10-3.12.5
  * tboot-debuginfo-20190704_1.9.10-3.12.5
  * tboot-debugsource-20190704_1.9.10-3.12.5

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207833

From sle-updates at lists.suse.com Fri Oct 13 12:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 13 Oct 2023 12:30:05 -0000
Subject: SUSE-RU-2023:4073-1: low: Recommended update for rpm
Message-ID: <169720020588.14502.4496840936743819576@smelt2.prg2.suse.org>

# Recommended update for rpm

Announcement ID: SUSE-RU-2023:4073-1
Rating: low
References:
* PED-1988
* PED-68

Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that contains two features can now be installed.

## Description:

This update for rpm fixes the following issue:

* Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4073=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4073=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4073=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4073=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4073=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4073=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4073=1 openSUSE-SLE-15.4-2023-4073=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4073=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4073=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4073=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4073=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4073=1 ## Package List: * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * rpm-ndb-debugsource-4.14.3-150400.59.3.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * 
rpm-ndb-debugsource-4.14.3-150400.59.3.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-devel-4.14.3-150400.59.3.1 * rpm-ndb-debugsource-4.14.3-150400.59.3.1 * rpm-debuginfo-4.14.3-150400.59.3.1 * python311-rpm-4.14.3-150400.59.3.1 * python311-rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-4.14.3-150400.59.3.1 * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * python3-rpm-4.14.3-150400.59.3.1 * python-rpm-debugsource-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * python3-rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * openSUSE Leap 15.4 (x86_64) * rpm-ndb-32bit-debuginfo-4.14.3-150400.59.3.1 * rpm-32bit-4.14.3-150400.59.3.1 * rpm-ndb-32bit-4.14.3-150400.59.3.1 * rpm-32bit-debuginfo-4.14.3-150400.59.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * rpm-ndb-64bit-4.14.3-150400.59.3.1 * rpm-ndb-64bit-debuginfo-4.14.3-150400.59.3.1 * rpm-64bit-debuginfo-4.14.3-150400.59.3.1 * rpm-64bit-4.14.3-150400.59.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rpm-debugsource-4.14.3-150400.59.3.1 * rpm-devel-4.14.3-150400.59.3.1 * rpm-ndb-debugsource-4.14.3-150400.59.3.1 * rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-build-debuginfo-4.14.3-150400.59.3.1 * rpm-4.14.3-150400.59.3.1 * rpm-ndb-debuginfo-4.14.3-150400.59.3.1 * python3-rpm-4.14.3-150400.59.3.1 * python-rpm-debugsource-4.14.3-150400.59.3.1 * rpm-ndb-4.14.3-150400.59.3.1 * python3-rpm-debuginfo-4.14.3-150400.59.3.1 * rpm-build-4.14.3-150400.59.3.1 * openSUSE Leap 15.5 (x86_64) * 
rpm-ndb-32bit-debuginfo-4.14.3-150400.59.3.1
  * rpm-32bit-4.14.3-150400.59.3.1
  * rpm-ndb-32bit-4.14.3-150400.59.3.1
  * rpm-32bit-debuginfo-4.14.3-150400.59.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-ndb-debugsource-4.14.3-150400.59.3.1
  * rpm-debuginfo-4.14.3-150400.59.3.1
  * rpm-4.14.3-150400.59.3.1
  * rpm-ndb-debuginfo-4.14.3-150400.59.3.1
  * python3-rpm-4.14.3-150400.59.3.1
  * python-rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-ndb-4.14.3-150400.59.3.1
  * python3-rpm-debuginfo-4.14.3-150400.59.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-ndb-debugsource-4.14.3-150400.59.3.1
  * rpm-debuginfo-4.14.3-150400.59.3.1
  * rpm-4.14.3-150400.59.3.1
  * rpm-ndb-debuginfo-4.14.3-150400.59.3.1
  * python3-rpm-4.14.3-150400.59.3.1
  * python-rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-ndb-4.14.3-150400.59.3.1
  * python3-rpm-debuginfo-4.14.3-150400.59.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-devel-4.14.3-150400.59.3.1
  * rpm-debuginfo-4.14.3-150400.59.3.1
  * rpm-4.14.3-150400.59.3.1
  * python3-rpm-4.14.3-150400.59.3.1
  * python-rpm-debugsource-4.14.3-150400.59.3.1
  * python3-rpm-debuginfo-4.14.3-150400.59.3.1
* Basesystem Module 15-SP4 (x86_64)
  * rpm-32bit-4.14.3-150400.59.3.1
  * rpm-32bit-debuginfo-4.14.3-150400.59.3.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * rpm-debugsource-4.14.3-150400.59.3.1
  * rpm-devel-4.14.3-150400.59.3.1
  * rpm-debuginfo-4.14.3-150400.59.3.1
  * rpm-4.14.3-150400.59.3.1
  * python3-rpm-4.14.3-150400.59.3.1
  * python-rpm-debugsource-4.14.3-150400.59.3.1
  * python3-rpm-debuginfo-4.14.3-150400.59.3.1
* Basesystem Module 15-SP5 (x86_64)
  * rpm-32bit-4.14.3-150400.59.3.1
  * rpm-32bit-debuginfo-4.14.3-150400.59.3.1

## References:

* https://jira.suse.com/browse/PED-1988
* https://jira.suse.com/browse/PED-68

From sle-updates at lists.suse.com Fri Oct 13 12:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 13 Oct 2023 12:30:09 -0000
Subject: SUSE-SU-2023:4072-1: important: Security update for the Linux Kernel
Message-ID: <169720020964.14502.10771747802209182505@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4072-1
Rating: important
References:
* #1202845
* #1213808
* #1214928
* #1214940
* #1214941
* #1214942
* #1214943
* #1214944
* #1214950
* #1214951
* #1214954
* #1214957
* #1214986
* #1214988
* #1214992
* #1214993
* #1215322
* #1215877
* #1215894
* #1215895
* #1215896
* #1215911
* #1215915
* #1215916

Cross-References:
* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-2177
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-4155
* CVE-2023-42753
* CVE-2023-42754
* CVE-2023-4389
* CVE-2023-4563
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
* CVE-2023-5345

CVSS scores:
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
*
CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise 
Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 17 vulnerabilities and has seven security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
* CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
* CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
* CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
* CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could allow an authenticated attacker to trigger a DoS. (bsc#1215467)
* CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
* CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git- fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git- fixes) * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). 
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). 
* gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. * kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
* KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git- fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). 
* net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git- fixes). * NFS/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git- fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git- fixes). 
* platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git- fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). 
* scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git- fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: tracing: Fix to unmount tracefs for recovering environment (git- fixes). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). 
* tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). 
* virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git- fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git- fixes). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git- fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git- fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git- fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). 
* x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4072=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4072=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4072=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4072=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4072=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4072=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4072=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4072=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4072=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. 
* SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4072=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4072=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (noarch) * kernel-source-vanilla-5.14.21-150400.24.92.1 * kernel-macros-5.14.21-150400.24.92.1 * kernel-docs-html-5.14.21-150400.24.92.1 * kernel-devel-5.14.21-150400.24.92.1 * kernel-source-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150400.24.92.1 * kernel-debug-debuginfo-5.14.21-150400.24.92.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.92.1 * kernel-debug-devel-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.92.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.92.1 * kernel-default-base-rebuild-5.14.21-150400.24.92.1.150400.24.42.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.92.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.92.1 * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.92.1 * kernel-default-livepatch-devel-5.14.21-150400.24.92.1 * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kselftests-kmp-default-5.14.21-150400.24.92.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * cluster-md-kmp-default-5.14.21-150400.24.92.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-livepatch-5.14.21-150400.24.92.1 * dlm-kmp-default-5.14.21-150400.24.92.1 * kernel-syms-5.14.21-150400.24.92.1 * reiserfs-kmp-default-5.14.21-150400.24.92.1 * 
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-default-extra-5.14.21-150400.24.92.1 * kernel-obs-build-5.14.21-150400.24.92.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.92.1 * ocfs2-kmp-default-5.14.21-150400.24.92.1 * kernel-obs-qa-5.14.21-150400.24.92.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.92.1 * gfs2-kmp-default-5.14.21-150400.24.92.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.92.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * kernel-obs-build-debugsource-5.14.21-150400.24.92.1 * kernel-default-optional-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_92-default-1-150400.9.3.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-1-150400.9.3.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.92.1 * kernel-zfcpdump-debugsource-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64) * dtb-allwinner-5.14.21-150400.24.92.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.92.1 * dtb-cavium-5.14.21-150400.24.92.1 * dtb-amd-5.14.21-150400.24.92.1 * dtb-exynos-5.14.21-150400.24.92.1 * dtb-lg-5.14.21-150400.24.92.1 * dtb-hisilicon-5.14.21-150400.24.92.1 * dtb-nvidia-5.14.21-150400.24.92.1 * cluster-md-kmp-64kb-5.14.21-150400.24.92.1 * kernel-64kb-extra-5.14.21-150400.24.92.1 * kernel-64kb-optional-5.14.21-150400.24.92.1 * dtb-amazon-5.14.21-150400.24.92.1 * 
ocfs2-kmp-64kb-5.14.21-150400.24.92.1 * dtb-freescale-5.14.21-150400.24.92.1 * dtb-rockchip-5.14.21-150400.24.92.1 * dtb-marvell-5.14.21-150400.24.92.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-apm-5.14.21-150400.24.92.1 * gfs2-kmp-64kb-5.14.21-150400.24.92.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * reiserfs-kmp-64kb-5.14.21-150400.24.92.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-renesas-5.14.21-150400.24.92.1 * dtb-broadcom-5.14.21-150400.24.92.1 * dtb-mediatek-5.14.21-150400.24.92.1 * kernel-64kb-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.92.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * dtb-qcom-5.14.21-150400.24.92.1 * dtb-amlogic-5.14.21-150400.24.92.1 * dtb-xilinx-5.14.21-150400.24.92.1 * dlm-kmp-64kb-5.14.21-150400.24.92.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-debugsource-5.14.21-150400.24.92.1 * dtb-altera-5.14.21-150400.24.92.1 * dtb-sprd-5.14.21-150400.24.92.1 * dtb-apple-5.14.21-150400.24.92.1 * dtb-arm-5.14.21-150400.24.92.1 * kselftests-kmp-64kb-5.14.21-150400.24.92.1 * dtb-socionext-5.14.21-150400.24.92.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-devel-5.14.21-150400.24.92.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * 
kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.92.1 * kernel-64kb-devel-5.14.21-150400.24.92.1 * kernel-64kb-debugsource-5.14.21-150400.24.92.1 * kernel-64kb-debuginfo-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.92.1 * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (noarch) * kernel-devel-5.14.21-150400.24.92.1 * kernel-macros-5.14.21-150400.24.92.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.92.1 * Basesystem 
Module 15-SP4 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.92.1 * kernel-zfcpdump-debugsource-5.14.21-150400.24.92.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.92.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.92.1 * kernel-obs-build-5.14.21-150400.24.92.1 * kernel-obs-build-debugsource-5.14.21-150400.24.92.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.92.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.92.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.92.1 * reiserfs-kmp-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.14.21-150400.24.92.1 * kernel-livepatch-SLE15-SP4_Update_19-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_92-default-1-150400.9.3.1 * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-livepatch-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.92.1 * ocfs2-kmp-default-5.14.21-150400.24.92.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.92.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debuginfo-5.14.21-150400.24.92.1 * cluster-md-kmp-default-5.14.21-150400.24.92.1 * dlm-kmp-default-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * gfs2-kmp-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise 
High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.92.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-debuginfo-5.14.21-150400.24.92.1 * kernel-default-debugsource-5.14.21-150400.24.92.1 * kernel-default-extra-5.14.21-150400.24.92.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.92.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214940 * https://bugzilla.suse.com/show_bug.cgi?id=1214941 * https://bugzilla.suse.com/show_bug.cgi?id=1214942 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916 From sle-updates at lists.suse.com Fri Oct 13 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 12:30:16 -0000 Subject: SUSE-SU-2023:4071-1: important: Security update for the Linux Kernel Message-ID: <169720021623.14502.15645164940225747602@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4071-1 Rating: important References: * #1152472 * #1202845 * #1206453 * #1213808 * #1214928 * #1214942 * #1214943 * #1214944 * #1214950 * #1214951 * #1214954 * #1214957 * #1214986 * #1214988 * #1214992 * #1214993 * #1215322 * #1215877 * #1215894 * #1215895 * #1215896 * #1215911 * #1215915 * #1215916 * PED-2023 * PED-2025 Cross-References: * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-4155 * CVE-2023-42753 * CVE-2023-42754 * CVE-2023-4389 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 * CVE-2023-5345 CVSS scores: * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( 
SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 16 vulnerabilities, contains two features and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. 
(bsc#1214022) * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). 
* arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) * arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). * ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). * ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). * ASoC: rt5640: Fix sleep in atomic context (git-fixes). * ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). 
* bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). * drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). * Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). * Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). * Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: Add smu write msg id fail retry process (git-fixes). * drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). * drm/amd/display: Remove wait while locked (git-fixes). * drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private * drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). * drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). * drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes). * drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). 
* drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). * gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). 
* hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * iommu/virtio: Return size mapped for a detached domain (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. * kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). 
* KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). 
* net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). * NFS/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). 
* platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * pNFS: Fix assignment of xprtdata.cred (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) * s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). * s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). * s390/ipl: add eckd dump support (jsc#PED-2025). * s390/ipl: add eckd support (jsc#PED-2023). * s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). * s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). 
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). 
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). * selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). * spi: Add TPM HW flow flag (bsc#1213534) * spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) * spi: tegra210-quad: set half duplex flag (bsc#1213534) * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * tpm_tis_spi: Add hardware wait polling (bsc#1213534) * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * Update metadata * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). 
* vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). * x86/coco: Export cc_vendor (bsc#1206453). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). * x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). 
* x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). * x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). * x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). * x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) * x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). * x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). * x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). * x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). * x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). * x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). * x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). * x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). * x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). * x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). * x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). * x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). * x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). * x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). 
* x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4071=1 openSUSE-SLE-15.5-2023-4071=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4071=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4071=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4071=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4071=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4071=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4071=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4071=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.31.1 * kernel-source-vanilla-5.14.21-150500.55.31.1 * kernel-source-5.14.21-150500.55.31.1 * kernel-devel-5.14.21-150500.55.31.1 * kernel-docs-html-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-debuginfo-5.14.21-150500.55.31.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.31.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.31.1 * kernel-debug-devel-5.14.21-150500.55.31.1 * kernel-debug-debugsource-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-debuginfo-5.14.21-150500.55.31.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.31.1 * kernel-debug-vdso-5.14.21-150500.55.31.1 * kernel-default-vdso-5.14.21-150500.55.31.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.31.1 * 
kernel-debug-vdso-debuginfo-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debuginfo-5.14.21-150500.55.31.1 * kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.31.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.31.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.31.1 * kernel-kvmsmall-devel-5.14.21-150500.55.31.1 * kernel-default-base-rebuild-5.14.21-150500.55.31.1.150500.6.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.31.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-livepatch-devel-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * kernel-syms-5.14.21-150500.55.31.1 * dlm-kmp-default-5.14.21-150500.55.31.1 * gfs2-kmp-default-5.14.21-150500.55.31.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.31.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kselftests-kmp-default-5.14.21-150500.55.31.1 * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-extra-5.14.21-150500.55.31.1 * reiserfs-kmp-default-5.14.21-150500.55.31.1 * kernel-default-optional-5.14.21-150500.55.31.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.31.1 * kernel-obs-build-debugsource-5.14.21-150500.55.31.1 * cluster-md-kmp-default-5.14.21-150500.55.31.1 * kernel-obs-build-5.14.21-150500.55.31.1 * kernel-obs-qa-5.14.21-150500.55.31.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.31.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-livepatch-5.14.21-150500.55.31.1 * ocfs2-kmp-default-5.14.21-150500.55.31.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-devel-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * 
kernel-kvmsmall-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_6-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_31-default-1-150500.11.3.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.31.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (aarch64) * dtb-marvell-5.14.21-150500.55.31.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * dtb-amazon-5.14.21-150500.55.31.1 * dtb-lg-5.14.21-150500.55.31.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.31.1 * kernel-64kb-devel-5.14.21-150500.55.31.1 * kernel-64kb-optional-5.14.21-150500.55.31.1 * dlm-kmp-64kb-5.14.21-150500.55.31.1 * kernel-64kb-debugsource-5.14.21-150500.55.31.1 * kselftests-kmp-64kb-5.14.21-150500.55.31.1 * dtb-apple-5.14.21-150500.55.31.1 * ocfs2-kmp-64kb-5.14.21-150500.55.31.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.31.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * reiserfs-kmp-64kb-5.14.21-150500.55.31.1 * dtb-qcom-5.14.21-150500.55.31.1 * cluster-md-kmp-64kb-5.14.21-150500.55.31.1 * gfs2-kmp-64kb-5.14.21-150500.55.31.1 * dtb-exynos-5.14.21-150500.55.31.1 * kernel-64kb-debuginfo-5.14.21-150500.55.31.1 * dtb-arm-5.14.21-150500.55.31.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.31.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.31.1 * dtb-freescale-5.14.21-150500.55.31.1 * dtb-allwinner-5.14.21-150500.55.31.1 * dtb-xilinx-5.14.21-150500.55.31.1 * dtb-socionext-5.14.21-150500.55.31.1 * dtb-nvidia-5.14.21-150500.55.31.1 * dtb-amlogic-5.14.21-150500.55.31.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * dtb-apm-5.14.21-150500.55.31.1 
* dtb-renesas-5.14.21-150500.55.31.1 * dtb-amd-5.14.21-150500.55.31.1 * dtb-cavium-5.14.21-150500.55.31.1 * dtb-mediatek-5.14.21-150500.55.31.1 * dtb-hisilicon-5.14.21-150500.55.31.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.31.1 * dtb-altera-5.14.21-150500.55.31.1 * kernel-64kb-extra-5.14.21-150500.55.31.1 * dtb-broadcom-5.14.21-150500.55.31.1 * dtb-sprd-5.14.21-150500.55.31.1 * dtb-rockchip-5.14.21-150500.55.31.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.31.1 * kernel-64kb-devel-5.14.21-150500.55.31.1 * kernel-64kb-debuginfo-5.14.21-150500.55.31.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-devel-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (noarch) * kernel-macros-5.14.21-150500.55.31.1 * kernel-devel-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.31.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.31.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.31.1 * 
Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.31.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150500.55.31.1 * kernel-syms-5.14.21-150500.55.31.1 * kernel-obs-build-5.14.21-150500.55.31.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.31.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.31.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * reiserfs-kmp-default-5.14.21-150500.55.31.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_31-default-1-150500.11.3.1 * kernel-livepatch-SLE15-SP5_Update_6-debugsource-1-150500.11.3.1 * kernel-default-livepatch-devel-5.14.21-150500.55.31.1 * kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-1-150500.11.3.1 * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * kernel-default-livepatch-5.14.21-150500.55.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.14.21-150500.55.31.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.31.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.31.1 * ocfs2-kmp-default-5.14.21-150500.55.31.1 * kernel-default-debuginfo-5.14.21-150500.55.31.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.31.1 * dlm-kmp-default-5.14.21-150500.55.31.1 * gfs2-kmp-default-5.14.21-150500.55.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Workstation Extension 
15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.31.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-debuginfo-5.14.21-150500.55.31.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.31.1 * kernel-default-extra-5.14.21-150500.55.31.1 * kernel-default-debugsource-5.14.21-150500.55.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1152472 * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1206453 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214942 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * 
https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916 * https://jira.suse.com/browse/PED-2023 * https://jira.suse.com/browse/PED-2025 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 13 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 12:30:18 -0000 Subject: SUSE-SU-2023:4070-1: moderate: Security update for exiv2 Message-ID: <169720021877.14502.12856596275090691331@smelt2.prg2.suse.org> # Security update for exiv2 Announcement ID: SUSE-SU-2023:4070-1 Rating: moderate References: * #1117291 Cross-References: * CVE-2018-19535 CVSS scores: * CVE-2018-19535 ( SUSE ): 4.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2018-19535 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-19535 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for exiv2 fixes the following issues: * CVE-2018-19535: Fixed a heap-based buffer over-read which may cause a DoS via a crafted PNG file. (bsc#1117291) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4070=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4070=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4070=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4070=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * exiv2-debugsource-0.23-12.21.1 * libexiv2-devel-0.23-12.21.1 * exiv2-debuginfo-0.23-12.21.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * exiv2-debugsource-0.23-12.21.1 * libexiv2-12-debuginfo-0.23-12.21.1 * exiv2-debuginfo-0.23-12.21.1 * libexiv2-12-0.23-12.21.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * exiv2-debugsource-0.23-12.21.1 * libexiv2-12-debuginfo-0.23-12.21.1 * exiv2-debuginfo-0.23-12.21.1 * libexiv2-12-0.23-12.21.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * exiv2-debugsource-0.23-12.21.1 * libexiv2-12-debuginfo-0.23-12.21.1 * exiv2-debuginfo-0.23-12.21.1 * libexiv2-12-0.23-12.21.1 ## References: * https://www.suse.com/security/cve/CVE-2018-19535.html * https://bugzilla.suse.com/show_bug.cgi?id=1117291 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 13 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 12:30:20 -0000 Subject: SUSE-SU-2023:4069-1: important: Security update for go1.21 Message-ID: <169720022045.14502.6975113498260763102@smelt2.prg2.suse.org> # Security update for go1.21 Announcement ID: SUSE-SU-2023:4069-1 Rating: important References: * #1212475 * #1216109 Cross-References: * CVE-2023-39325 * CVE-2023-44487 CVSS scores: * CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for go1.21 fixes the following issues: * Update to go1.21.3 (bsc#1212475) * CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4069=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4069=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4069=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4069=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.3-150000.1.12.1 * go1.21-race-1.21.3-150000.1.12.1 * go1.21-1.21.3-150000.1.12.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.3-150000.1.12.1 * go1.21-1.21.3-150000.1.12.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.3-150000.1.12.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.3-150000.1.12.1 * go1.21-race-1.21.3-150000.1.12.1 * go1.21-1.21.3-150000.1.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.3-150000.1.12.1 * go1.21-race-1.21.3-150000.1.12.1 * go1.21-1.21.3-150000.1.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39325.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216109 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 13 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 12:30:22 -0000 Subject: SUSE-SU-2023:4068-1: important: Security update for go1.20 Message-ID: <169720022264.14502.15888648841134115664@smelt2.prg2.suse.org> # Security update for go1.20 Announcement ID: SUSE-SU-2023:4068-1 Rating: important References: * #1206346 * #1216109 Cross-References: * CVE-2023-39325 * CVE-2023-44487 CVSS scores: * CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for go1.20 fixes the following issues: * Update to go1.20.10 (bsc#1206346) * CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4068=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4068=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4068=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4068=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.10-150000.1.29.1 * go1.20-race-1.20.10-150000.1.29.1 * go1.20-1.20.10-150000.1.29.1 * go1.20-debuginfo-1.20.10-150000.1.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.10-150000.1.29.1 * go1.20-race-1.20.10-150000.1.29.1 * go1.20-1.20.10-150000.1.29.1 * go1.20-debuginfo-1.20.10-150000.1.29.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.10-150000.1.29.1 * go1.20-1.20.10-150000.1.29.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.10-150000.1.29.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.10-150000.1.29.1 * go1.20-race-1.20.10-150000.1.29.1 * go1.20-1.20.10-150000.1.29.1 * go1.20-debuginfo-1.20.10-150000.1.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39325.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1216109 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 13 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 16:30:01 -0000 Subject: SUSE-RU-2023:3655-2: moderate: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf Message-ID: <169721460195.19281.14418423976394747304@smelt2.prg2.suse.org> # Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestf Announcement ID: SUSE-RU-2023:3655-2 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: kubevirt was updated to fix: * Fix leaking file descriptor * Fix volume detach on hotplug attachment pod delete * Fix leaking tickers * Run helper pod as qemu user * SCSI reservation: fix leftover mount and resource permissions * Bump client-go (fix possible panic in discovery) * Wait for new hotplug attachment pod to be ready * Adapt the storage tests to the new populators flow * Create export VM datavolumes compatible with populators * Delete VMI prior to NFS server pod in tests * Use compat cmdline options for virtiofsd * Update to version 1.0.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.0 * Switch to qemu user (107) * Initial container for qemu-pr-helper ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3655=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (x86_64) * kubevirt-manifests-1.0.0-150500.8.3.1 * kubevirt-virtctl-1.0.0-150500.8.3.1 * kubevirt-virtctl-debuginfo-1.0.0-150500.8.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 13 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 16:30:02 -0000 Subject: SUSE-RU-2023:3654-2: moderate: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, c Message-ID: <169721460293.19281.1430531425899765609@smelt2.prg2.suse.org> # Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, c Announcement ID: SUSE-RU-2023:3654-2 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.57.0 * Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.57.0 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3654=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (x86_64) * containerized-data-importer-manifests-1.57.0-150500.6.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 13 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4076-1: important: Security update for cni Message-ID: <169721460439.19281.3434485855498524197@smelt2.prg2.suse.org> # Security update for cni Announcement ID: SUSE-SU-2023:4076-1 Rating: important References: * #1212475 * #1216006 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two security fixes can now be installed. ## Description: This update of cni fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4076=1 openSUSE-SLE-15.5-2023-4076=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4076=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4076=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * cni-debuginfo-1.1.2-150500.3.2.1 * cni-1.1.2-150500.3.2.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * cni-debuginfo-1.1.2-150500.3.2.1 * cni-1.1.2-150500.3.2.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cni-debuginfo-1.1.2-150500.3.2.1 * cni-1.1.2-150500.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 13 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 16:30:06 -0000 Subject: SUSE-SU-2023:4075-1: important: Security update for cni-plugins Message-ID: <169721460652.19281.12597409074916185175@smelt2.prg2.suse.org> # Security update for cni-plugins Announcement ID: SUSE-SU-2023:4075-1 Rating: important References: * #1212475 * #1216006 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two security fixes can now be installed. ## Description: This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4075=1 SUSE-2023-4075=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4075=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4075=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * cni-plugins-1.1.1-150500.3.2.1 * cni-plugins-debuginfo-1.1.1-150500.3.2.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * cni-plugins-1.1.1-150500.3.2.1 * cni-plugins-debuginfo-1.1.1-150500.3.2.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cni-plugins-1.1.1-150500.3.2.1 * cni-plugins-debuginfo-1.1.1-150500.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216006 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 13 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Oct 2023 20:30:02 -0000 Subject: SUSE-RU-2023:4077-1: moderate: Recommended update for scap-security-guide Message-ID: <169722900262.29370.1857474817317635481@smelt2.prg2.suse.org> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:4077-1 Rating: moderate References: * ECO-3319 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. 
## Description: This update for scap-security-guide fixes the following issues: * scap-security-guide was updated to 0.1.69 (jsc#ECO-3319) * Introduce a JSON build manifest * Introduce a script to compare ComplianceAsCode versions * Introduce CCN profiles for RHEL9 * Map rules to components * products/anolis23: supports Anolis OS 23 * Render components to HTML * Store rendered control files * Test and use rules to components mapping * Use distributed product properties ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4077=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4077=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4077=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * scap-security-guide-debian-0.1.69-9.15.11 * scap-security-guide-redhat-0.1.69-9.15.11 * scap-security-guide-0.1.69-9.15.11 * scap-security-guide-ubuntu-0.1.69-9.15.11 * SUSE Linux Enterprise Server 12 SP5 (noarch) * scap-security-guide-debian-0.1.69-9.15.11 * scap-security-guide-redhat-0.1.69-9.15.11 * scap-security-guide-0.1.69-9.15.11 * scap-security-guide-ubuntu-0.1.69-9.15.11 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * scap-security-guide-debian-0.1.69-9.15.11 * scap-security-guide-redhat-0.1.69-9.15.11 * scap-security-guide-0.1.69-9.15.11 * scap-security-guide-ubuntu-0.1.69-9.15.11 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Sat Oct 14 07:02:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:02:41 +0200 (CEST) Subject: SUSE-CU-2023:3406-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231014070241.F2256F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3406-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.232 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.232 Severity : important Type : security References : 1209275 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate References: 1209275 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) The following package changes have been done: - babeltrace-1.5.8-150300.3.2.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - login_defs-4.8.1-150400.10.12.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-27.14.106 updated From sle-updates at lists.suse.com Sat Oct 14 07:03:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:03:30 +0200 (CEST) Subject: SUSE-CU-2023:3408-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231014070330.679F4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3408-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.129 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.129 Severity : important Type : security References : 1209275 1215888 1215889 CVE-2023-38545 CVE-2023-38546 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate References: 1209275 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) The following package changes have been done: - babeltrace-1.5.8-150300.3.2.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - login_defs-4.8.1-150400.10.12.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-27.14.106 updated From sle-updates at lists.suse.com Sat Oct 14 07:03:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:03:37 +0200 (CEST) Subject: SUSE-CU-2023:3409-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231014070337.D5065F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3409-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.73 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.73 Severity : important Type : security References : 1209275 1215888 1215889 CVE-2023-38545 CVE-2023-38546 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate References: 1209275 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) The following package changes have been done: - babeltrace-1.5.8-150300.3.2.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - login_defs-4.8.1-150400.10.12.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:10 +0200 (CEST) Subject: SUSE-CU-2023:3410-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231014070410.DD3E2F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3410-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-15.11 , bci/dotnet-aspnet:6.0.22 , bci/dotnet-aspnet:6.0.22-15.11 Container Release : 15.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:19 +0200 (CEST) Subject: SUSE-CU-2023:3411-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231014070419.C820EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3411-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-15.12 , bci/dotnet-aspnet:7.0.11 , bci/dotnet-aspnet:7.0.11-15.12 , bci/dotnet-aspnet:latest Container Release : 15.12 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:3412-1: Recommended update of bci/dotnet-sdk Message-ID: <20231014070429.AA680F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3412-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.11 , bci/dotnet-sdk:6.0.22 , bci/dotnet-sdk:6.0.22-14.11 Container Release : 14.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:41 +0200 (CEST) Subject: SUSE-CU-2023:3413-1: Recommended update of bci/dotnet-sdk Message-ID: <20231014070441.6C010F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3413-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-16.11 , bci/dotnet-sdk:7.0.11 , bci/dotnet-sdk:7.0.11-16.11 , bci/dotnet-sdk:latest Container Release : 16.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:49 +0200 (CEST) Subject: SUSE-CU-2023:3414-1: Recommended update of bci/dotnet-runtime Message-ID: <20231014070449.7B9B0F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3414-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-14.11 , bci/dotnet-runtime:6.0.22 , bci/dotnet-runtime:6.0.22-14.11 Container Release : 14.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Sat Oct 14 07:04:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:04:59 +0200 (CEST) Subject: SUSE-CU-2023:3415-1: Recommended update of bci/dotnet-runtime Message-ID: <20231014070459.AC59BF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3415-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-16.10 , bci/dotnet-runtime:7.0.11 , bci/dotnet-runtime:7.0.11-16.10 , bci/dotnet-runtime:latest Container Release : 16.10 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.42 updated From sle-updates at lists.suse.com Sat Oct 14 07:05:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:05:24 +0200 (CEST) Subject: SUSE-CU-2023:3416-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231014070524.2B56AF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3416-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.473 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.473 Severity : moderate Type : security References : 1209275 1214806 1215889 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate References: 1209275 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) The following package changes have been done: - babeltrace-1.5.8-150300.3.2.1 updated - libcurl4-7.66.0-150200.4.60.1 updated - login_defs-4.8.1-150300.4.12.1 updated - shadow-4.8.1-150300.4.12.1 updated - container:sles15-image-15.0.0-17.20.194 updated From sle-updates at lists.suse.com Sat Oct 14 07:05:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Oct 2023 09:05:45 +0200 (CEST) Subject: SUSE-CU-2023:3417-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231014070545.3EAF4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3417-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.295 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.295 Severity : moderate Type : security References : 1209275 1214806 1215889 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate References: 1209275 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. 
(bsc#1209275) The following package changes have been done: - babeltrace-1.5.8-150300.3.2.1 updated - libcurl4-7.66.0-150200.4.60.1 updated - login_defs-4.8.1-150300.4.12.1 updated - shadow-4.8.1-150300.4.12.1 updated - container:sles15-image-15.0.0-17.20.194 updated From sle-updates at lists.suse.com Mon Oct 16 09:12:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 11:12:25 +0200 (CEST) Subject: SUSE-IU-2023:731-1: Security update of suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2 Message-ID: <20231016091225.C4520F78C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:731-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2:20231013 Image Release : Severity : important Type : security References : 1023051 1120059 1152472 1157881 1177719 1181477 1188885 1193629 1194869 1196933 1200710 1201066 1202845 1203329 1203330 1204942 1205462 1205533 1206402 1206453 1206453 1206608 1207543 1207598 1208902 1208928 1208949 1209233 1209284 1209799 1209859 1209979 1210015 1210048 1210448 1210950 1211078 1211220 1211598 1211599 1211829 1212091 1212142 1212423 1212475 1212475 1212526 1212594 1212819 1212857 1212873 1212910 1212957 1213026 1213123 1213127 1213428 1213546 1213580 1213601 1213666 1213733 1213757 1213759 1213808 1213822 1213854 1213916 1213921 1213927 1213946 1213949 1213968 1213970 1213971 1214000 1214019 1214052 1214073 1214120 1214149 1214180 1214233 1214238 1214285 1214292 1214297 1214299 1214305 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214404 1214428 1214451 1214458 1214535 1214635 1214659 1214661 1214692 1214727 1214729 1214742 1214743 1214756 1214768 1214806 1214928 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214976 1214986 1214988 1214992 1214993 1215007 1215026 1215064 1215145 1215322 1215472 
1215474 1215522 1215523 1215552 1215553 1215578 1215596 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215894 1215895 1215896 1215904 1215905 1215906 1215907 1215908 1215911 1215915 1215916 CVE-2022-38457 CVE-2022-40133 CVE-2022-45154 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-3341 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-3961 CVE-2023-39615 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-42670 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-4387 CVE-2023-4389 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-4622 CVE-2023-4623 CVE-2023-4641 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231013-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3717-1 Released: Thu Sep 21 06:51:51 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate References: 1214535 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3821-1 Released: Wed Sep 27 18:38:33 2023 Summary: Security update for bind Type: security Severity: important References: 1215472,CVE-2023-3341 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Update to release 9.16.43 * Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin 
was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3831-1 Released: Wed Sep 27 19:15:23 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3970-1 Released: Wed Oct 4 14:17:12 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1215578 This update for dracut fixes the following issues: - Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3971-1 Released: Wed Oct 4 14:36:01 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1120059,1177719,1188885,1193629,1194869,1203329,1203330,1205462,1206453,1208902,1208949,1209284,1209799,1210048,1210448,1211220,1212091,1212142,1212423,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213733,1213757,1213759,1213916,1213921,1213927,1213946,1213949,1213968,1213970,1213971,1214000,1214019,1214073,1214120,1214149,1214180,1214233,1214238,1214285,1214297,1214299,1214305,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214404,1214428,1214451,1214635,1214659,1214661,1214727,1214729,1214742,1214743,1214756,1214976,1215522,1215523,1215552,1215553,CVE-2022-38457,CVE-2022-40133,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-40283,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4563,CVE-2023-4569 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). 
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).

The following non-security bugs were fixed:

- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor
  Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi: Allow extra bugsints (bsc#1213927).
- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes). - objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). - objtool: Union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - pinctrl: amd: Mask wake bits on probe again (git-fixes). - pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: Fix reference leak (git-fixes). - powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). - powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). 
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). 
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: Check start of empty przs during init (git-fixes). - pwm: Add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: Simplify duplicated per-channel tracking (git-fixes). - pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes). - qed: Fix scheduling in a tasklet while getting stats (git-fixes). - regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). - ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). - rpm/mkspec-dtb: support for nested subdirs - rpmsg: glink: Add check for kstrdup (git-fixes). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). - sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). 
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: RDMA/srp: Fix residual handling (git-fixes) - scsi: bsg: Increase number of devices (bsc#1210048). - scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: sg: Increase number of devices (bsc#1210048). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes). - scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). - selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). - selftests/futex: Order calls to futex_lock_pi (git-fixes). - selftests/harness: Actually report SKIP for signal tests (git-fixes). 
- selftests/resctrl: Close perf value read fd on errors (git-fixes). - selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: Skip test when no interfaces are specified (git-fixes). - selftests: forwarding: Switch off timeout (git-fixes). - selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). - selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_flower: Relax success criterion (git-fixes). - selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). - serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: Fix DMA buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). - smb: client: Fix -Wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). 
- supported.conf: fix typos for -!optional markers - swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: Fix not to count error code to total length (git-fixes). - tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). 
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). - ubifs: Fix memleak when insert_old_idx() failed (git-fixes). - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). - usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). - usb: dwc3: Fix typos in gadget.c (git-fixes). - usb: dwc3: Properly handle processing of pending events (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for Focusrite Scarlett (git-fixes). - usb: serial: option: add Quectel EC200A module support (git-fixes). - usb: serial: option: support Quectel EM060K_128 (git-fixes). - usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). 
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). - wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: Fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). - wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). - wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - x86/alternative: Make custom return thunk unconditional (git-fixes). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). 
- x86/cpu: Clean up SRSO return thunk mess (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). - x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). - x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). - x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). - x86/hyperv: Reorder code to facilitate future work (bsc#1206453). - x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). - x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86/srso: Fix return thunks in generated code (git-fixes). - x86/static_call: Fix __static_call_fixup() (git-fixes). 
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3978-1
Released: Thu Oct 5 11:45:05 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1157881,1200710,1209859,1212594

This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Cope better with duplicate entries in /etc/exports (bsc#1212594)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3985-1
Released: Thu Oct 5 14:05:51 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1212957,1213428,1213822

This update for suse-module-tools fixes the following issues:

- Update to version 15.5.2:
  * rpm-script: update bootloader after creating initramfs (bsc#1213822)
  * rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957)
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4003-1
Released: Mon Oct 9 08:29:33 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1215596

This update for apparmor fixes the following issues:

- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4046-1
Released: Wed Oct 11 09:26:03 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1215904,1215905,1215906,1215907,1215908,CVE-2023-3961,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669,CVE-2023-42670

This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4054-1
Released: Thu Oct 12 09:49:39 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328

This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4071-1
Released: Fri Oct 13 10:29:55 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1152472,1202845,1206453,1213808,1214928,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: Add smu write msg id fail retry process (git-fixes). - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). - drm/amd/display: Remove wait while locked (git-fixes). 
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). - drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). 
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). 
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together. Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build. At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18. Other similar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). 
- mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). 
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). 
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). 
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). 
- udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). 
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). 
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). 
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - apparmor-abstractions-3.0.4-150500.11.9.1 updated - apparmor-parser-3.0.4-150500.11.9.1 updated - bind-utils-9.16.44-150500.8.12.2 updated - containerd-ctr-1.6.21-150000.95.1 updated - containerd-1.6.21-150000.95.1 updated - curl-8.0.1-150400.5.32.1 updated - dracut-055+suse.371.g5237e44a-150500.3.12.1 updated - glibc-locale-base-2.31-150300.58.1 updated - glibc-locale-2.31-150300.58.1 updated - glibc-2.31-150300.58.1 updated - kernel-default-5.14.21-150500.55.31.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libhidapi-hidraw0-0.10.1-150300.3.2.1 updated - libnghttp2-14-1.40.0-150200.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.51.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - login_defs-4.8.1-150400.10.12.1 updated - nfs-client-2.1.1-150500.22.3.1 updated - perl-Bootloader-0.945-150400.3.9.1 updated - python3-base-3.6.15-150300.10.51.1 updated - python3-bind-9.16.44-150500.8.12.2 updated - python3-ply-3.10-150000.3.5.1 updated - python3-3.6.15-150300.10.51.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - runc-1.1.8-150000.49.1 updated - samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 updated - shadow-4.8.1-150400.10.12.1 updated - supportutils-3.1.26-150300.7.35.21.1 updated - 
suse-build-key-12.0-150000.8.34.1 updated - suse-module-tools-15.5.2-150500.3.3.1 updated - xen-libs-4.17.2_06-150500.3.12.1 updated - zypper-1.14.64-150400.3.32.1 updated - sysfsutils-2.1.0-3.3.1 removed From sle-updates at lists.suse.com Mon Oct 16 09:12:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 11:12:28 +0200 (CEST) Subject: SUSE-IU-2023:732-1: Security update of suse-sles-15-sp5-chost-byos-v20231013-hvm-ssd-x86_64 Message-ID: <20231016091228.886B3F78C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231013-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:732-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231013-hvm-ssd-x86_64:20231013 Image Release : Severity : important Type : security References : 1023051 1120059 1152472 1157881 1177719 1181477 1188885 1193629 1194869 1196933 1200710 1201066 1202845 1203329 1203330 1204942 1205462 1205533 1206402 1206453 1206453 1206608 1207543 1207598 1208902 1208928 1208949 1209233 1209284 1209799 1209859 1209979 1210015 1210048 1210448 1210950 1211078 1211220 1211598 1211599 1211829 1212091 1212142 1212423 1212475 1212475 1212526 1212594 1212819 1212857 1212873 1212910 1212957 1213026 1213123 1213127 1213428 1213546 1213580 1213601 1213666 1213733 1213757 1213759 1213808 1213822 1213854 1213916 1213921 1213927 1213946 1213949 1213968 1213970 1213971 1214000 1214019 1214052 1214073 1214120 1214149 1214180 1214233 1214238 1214285 1214292 1214297 1214299 1214305 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214404 1214428 1214451 1214458 1214535 1214635 1214659 1214661 1214692 1214727 1214729 1214742 1214743 1214756 1214768 1214806 1214928 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214976 1214986 1214988 1214992 1214993 1215007 1215026 1215064 1215145 1215322 1215472 1215474 1215522 1215523 1215552 1215553 1215578 
1215596 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215894 1215895 1215896 1215904 1215905 1215906 1215907 1215908 1215911 1215915 1215916 CVE-2022-38457 CVE-2022-40133 CVE-2022-45154 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-3341 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-3961 CVE-2023-39615 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-42670 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-4387 CVE-2023-4389 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-4622 CVE-2023-4623 CVE-2023-4641 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231013-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3717-1 Released: Thu Sep 21 06:51:51 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate References: 1214535 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3821-1 Released: Wed Sep 27 18:38:33 2023 Summary: Security update for bind Type: security Severity: important References: 1215472,CVE-2023-3341 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Update to release 9.16.43 * Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin 
was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3831-1 Released: Wed Sep 27 19:15:23 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. 
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3970-1 Released: Wed Oct 4 14:17:12 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1215578 This update for dracut fixes the following issues: - Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3971-1 Released: Wed Oct 4 14:36:01 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1120059,1177719,1188885,1193629,1194869,1203329,1203330,1205462,1206453,1208902,1208949,1209284,1209799,1210048,1210448,1211220,1212091,1212142,1212423,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213733,1213757,1213759,1213916,1213921,1213927,1213946,1213949,1213968,1213970,1213971,1214000,1214019,1214073,1214120,1214149,1214180,1214233,1214238,1214285,1214297,1214299,1214305,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214404,1214428,1214451,1214635,1214659,1214661,1214727,1214729,1214742,1214743,1214756,1214976,1215522,1215523,1215552,1215553,CVE-2022-38457,CVE-2022-40133,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-40283,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4563,CVE-2023-4569 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). 
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). 
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). 
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). 
- PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes) - Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes). - SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). 
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). 
- cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). 
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). 
- docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). 
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). 
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). 
- drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). 
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). 
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). 
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). 
- kabi/severities: Ignore newly added SRSO mitigation functions - kabi: Allow extra bugsints (bsc#1213927). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). 
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). 
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: Check bus width while setting QE bit (git-fixes). - mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). - n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). - net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). 
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer supported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3978-1
Released: Thu Oct 5 11:45:05 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1157881,1200710,1209859,1212594

This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Cope better with duplicate entries in /etc/exports (bsc#1212594)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3985-1
Released: Thu Oct 5 14:05:51 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1212957,1213428,1213822

This update for suse-module-tools fixes the following issues:

- Update to version 15.5.2:
  * rpm-script: update bootloader after creating initramfs (bsc#1213822)
  * rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957)
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4003-1
Released: Mon Oct 9 08:29:33 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1215596

This update for apparmor fixes the following issues:

- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4046-1
Released: Wed Oct 11 09:26:03 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1215904,1215905,1215906,1215907,1215908,CVE-2023-3961,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669,CVE-2023-42670

This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4054-1
Released: Thu Oct 12 09:49:39 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328

This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4071-1
Released: Fri Oct 13 10:29:55 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1152472,1202845,1206453,1213808,1214928,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
  * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). 
- mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). 
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). 
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). 
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). 
- udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). 
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). 
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). 
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - apparmor-abstractions-3.0.4-150500.11.9.1 updated - apparmor-parser-3.0.4-150500.11.9.1 updated - bind-utils-9.16.44-150500.8.12.2 updated - containerd-ctr-1.6.21-150000.95.1 updated - containerd-1.6.21-150000.95.1 updated - curl-8.0.1-150400.5.32.1 updated - dracut-055+suse.371.g5237e44a-150500.3.12.1 updated - glibc-locale-base-2.31-150300.58.1 updated - glibc-locale-2.31-150300.58.1 updated - glibc-2.31-150300.58.1 updated - kernel-default-5.14.21-150500.55.31.1 updated - libapparmor1-3.0.4-150500.11.9.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libhidapi-hidraw0-0.10.1-150300.3.2.1 updated - libnghttp2-14-1.40.0-150200.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.51.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.10.3-150500.5.8.1 updated - login_defs-4.8.1-150400.10.12.1 updated - nfs-client-2.1.1-150500.22.3.1 updated - perl-Bootloader-0.945-150400.3.9.1 updated - python3-base-3.6.15-150300.10.51.1 updated - python3-bind-9.16.44-150500.8.12.2 updated - python3-ply-3.10-150000.3.5.1 updated - python3-3.6.15-150300.10.51.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - runc-1.1.8-150000.49.1 updated - samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 updated - shadow-4.8.1-150400.10.12.1 updated - supportutils-3.1.26-150300.7.35.21.1 updated - 
suse-build-key-12.0-150000.8.34.1 updated - suse-module-tools-15.5.2-150500.3.3.1 updated - xen-libs-4.17.2_06-150500.3.12.1 updated - xen-tools-domU-4.17.2_06-150500.3.12.1 updated - zypper-1.14.64-150400.3.32.1 updated - sysfsutils-2.1.0-3.3.1 removed From sle-updates at lists.suse.com Mon Oct 16 09:12:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 11:12:33 +0200 (CEST) Subject: SUSE-IU-2023:733-1: Security update of sles-15-sp5-chost-byos-v20231013-arm64 Message-ID: <20231016091233.A25D0F78C@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231013-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:733-1 Image Tags : sles-15-sp5-chost-byos-v20231013-arm64:20231013 Image Release : Severity : important Type : security References : 1023051 1120059 1152472 1157881 1177719 1181477 1188885 1193629 1194869 1196933 1200710 1201066 1202845 1203329 1203330 1204942 1205462 1205533 1206402 1206453 1206453 1206608 1207543 1207598 1208902 1208928 1208949 1209233 1209284 1209799 1209859 1209979 1210015 1210048 1210448 1210950 1211078 1211220 1211598 1211599 1211829 1212091 1212142 1212423 1212475 1212475 1212526 1212594 1212819 1212857 1212873 1212910 1212957 1213026 1213123 1213127 1213428 1213546 1213580 1213601 1213666 1213733 1213757 1213759 1213762 1213808 1213822 1213854 1213916 1213921 1213927 1213946 1213949 1213968 1213970 1213971 1213993 1214000 1214019 1214052 1214073 1214120 1214149 1214180 1214233 1214238 1214285 1214292 1214297 1214299 1214305 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214404 1214428 1214451 1214458 1214535 1214635 1214659 1214661 1214692 1214727 1214729 1214742 1214743 1214756 1214768 1214806 1214928 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214976 1214986 1214988 1214992 1214993 1215007 1215026 1215064 1215145 1215322 1215472 1215474 1215522 1215523 1215552 
1215553 1215578 1215596 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215894 1215895 1215896 1215904 1215905 1215906 1215907 1215908 1215911 1215915 1215916 CVE-2022-38457 CVE-2022-40133 CVE-2022-45154 CVE-2023-1192 CVE-2023-1206 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-3341 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-3961 CVE-2023-39615 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-42670 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-4387 CVE-2023-4389 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-4622 CVE-2023-4623 CVE-2023-4641 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20231013-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed a global buffer overflow that crafted XML can cause (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3716-1 Released: Thu Sep 21 06:51:25 2023 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1213762,1213993 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.4+29.ga3cf0a - Fix segfault in nvme_scan_subsystem() (bsc#1213993) - Fix segfault converting NULL to JSON string (bsc#1213762) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3717-1 Released: Thu Sep 21 06:51:51 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate References: 1214535 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3821-1 Released: Wed Sep 27 18:38:33 2023 Summary: Security update for bind Type: security Severity: important References: 1215472,CVE-2023-3341 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed a stack exhaustion flaw in control channel code that may cause named to terminate unexpectedly (bsc#1215472). Update to release 9.16.43 * Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin 
was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3831-1 Released: Wed Sep 27 19:15:23 2023 Summary: Security update for xen Type: security Severity: important References: 1215145,1215474,CVE-2023-20588,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. 
To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3970-1 Released: Wed Oct 4 14:17:12 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1215578 This update for dracut fixes the following issues: - Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3971-1 Released: Wed Oct 4 14:36:01 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1120059,1177719,1188885,1193629,1194869,1203329,1203330,1205462,1206453,1208902,1208949,1209284,1209799,1210048,1210448,1211220,1212091,1212142,1212423,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213733,1213757,1213759,1213916,1213921,1213927,1213946,1213949,1213968,1213970,1213971,1214000,1214019,1214073,1214120,1214149,1214180,1214233,1214238,1214285,1214297,1214299,1214305,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214404,1214428,1214451,1214635,1214659,1214661,1214727,1214729,1214742,1214743,1214756,1214976,1215522,1215523,1215552,1215553,CVE-2022-38457,CVE-2022-40133,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-40283,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4563,CVE-2023-4569 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). 
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). 
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs apart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). 
- PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes) - Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes). - SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). 
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). 
- cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). 
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). 
- docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). 
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). 
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). 
- drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). 
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). 
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). 
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). 
- kabi/severities: Ignore newly added SRSO mitigation functions - kabi: Allow extra bugsints (bsc#1213927). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). 
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). 
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer supported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3978-1
Released: Thu Oct 5 11:45:05 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1157881,1200710,1209859,1212594

This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Cope better with duplicate entries in /etc/exports (bsc#1212594)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3985-1
Released: Thu Oct 5 14:05:51 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1212957,1213428,1213822

This update for suse-module-tools fixes the following issues:

- Update to version 15.5.2:
  * rpm-script: update bootloader after creating initramfs (bsc#1213822)
  * rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957)
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4003-1
Released: Mon Oct 9 08:29:33 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1215596

This update for apparmor fixes the following issues:

- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4046-1
Released: Wed Oct 11 09:26:03 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1215904,1215905,1215906,1215907,1215908,CVE-2023-3961,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669,CVE-2023-42670

This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4054-1
Released: Thu Oct 12 09:49:39 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328

This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4071-1
Released: Fri Oct 13 10:29:55 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1152472,1202845,1206453,1213808,1214928,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472)
  Backporting changes:
  * rename ast_device to ast_private
  * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other similar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:

This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

The following package changes have been done:

- apparmor-abstractions-3.0.4-150500.11.9.1 updated
- apparmor-parser-3.0.4-150500.11.9.1 updated
- bind-utils-9.16.44-150500.8.12.2 updated
- containerd-ctr-1.6.21-150000.95.1 updated
- containerd-1.6.21-150000.95.1 updated
- curl-8.0.1-150400.5.32.1 updated
- dracut-055+suse.371.g5237e44a-150500.3.12.1 updated
- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- glibc-2.31-150300.58.1 updated
- kernel-default-5.14.21-150500.55.31.1 updated
- libapparmor1-3.0.4-150500.11.9.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libhidapi-hidraw0-0.10.1-150300.3.2.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1 updated
- libnvme1-1.4+29.ga3cf0a-150500.4.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.10.3-150500.5.8.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- nfs-client-2.1.1-150500.22.3.1 updated
- nvme-cli-2.4+25.g367eb9-150500.4.9.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-bind-9.16.44-150500.8.12.2 updated
- python3-ply-3.10-150000.3.5.1 updated
- python3-3.6.15-150300.10.51.1 updated
- rpm-ndb-4.14.3-150400.59.3.1 updated
- runc-1.1.8-150000.49.1 updated
- samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- suse-build-key-12.0-150000.8.34.1 updated
- suse-module-tools-15.5.2-150500.3.3.1 updated
- xen-libs-4.17.2_06-150500.3.12.1 updated
- zypper-1.14.64-150400.3.32.1 updated
- sysfsutils-2.1.0-3.3.1 removed

From sle-updates at lists.suse.com Mon Oct 16 12:30:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Oct 2023 12:30:01 -0000
Subject: SUSE-SU-2023:4089-1: important: Security update for opensc
Message-ID: <169745940159.17181.8178000437550610619@smelt2.prg2.suse.org>

# Security update for opensc

Announcement ID: SUSE-SU-2023:4089-1
Rating: important
References:
  * #1215761
  * #1215762
Cross-References:
  * CVE-2023-40660
  * CVE-2023-40661
CVSS scores:
  * CVE-2023-40660 ( SUSE ): 7.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2023-40661 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.
## Description:

This update for opensc fixes the following issues:

  * CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762).
  * CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4089=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4089=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4089=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4089=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2023-4089=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4089=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4089=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * opensc-0.22.0-150400.3.6.1
    * opensc-debuginfo-0.22.0-150400.3.6.1
    * opensc-debugsource-0.22.0-150400.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-40660.html
  * https://www.suse.com/security/cve/CVE-2023-40661.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215761
  * https://bugzilla.suse.com/show_bug.cgi?id=1215762

From sle-updates at lists.suse.com Mon Oct 16 12:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Oct 2023 12:30:03 -0000
Subject: SUSE-RU-2023:4088-1: moderate: Recommended update for libguestfs
Message-ID: <169745940384.17181.13067980776974479726@smelt2.prg2.suse.org>

# Recommended update for libguestfs

Announcement ID: SUSE-RU-2023:4088-1
Rating: moderate
References:
  * #1212972
  * #1215461
  * #1215543
  * #1215586
  * #1215664
Affected Products:
  * Server Applications Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has five fixes can now be installed.

## Description:

This update for libguestfs fixes the following issues:

  * Unable to determine guest architecture (bsc#1215543, bsc#1215461)
  * Non-functional network due to missing sysconfig-netconfig (bsc#1215586)
  * Cannot find any suitable libguestfs supermin (bsc#1212972, bsc#1215664)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2023-4088=1
  * Server Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4088=1

## Package List:

  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * libguestfs0-1.48.6-150500.3.8.1
    * libguestfs0-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-debugsource-1.48.6-150500.3.8.1
  * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * ocaml-libguestfs-1.48.6-150500.3.8.1
    * python3-libguestfs-1.48.6-150500.3.8.1
    * lua-libguestfs-1.48.6-150500.3.8.1
    * libguestfs-debugsource-1.48.6-150500.3.8.1
    * libguestfs-rsync-1.48.6-150500.3.8.1
    * perl-Sys-Guestfs-1.48.6-150500.3.8.1
    * libguestfsd-1.48.6-150500.3.8.1
    * rubygem-libguestfs-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-winsupport-1.48.6-150500.3.8.1
    * libguestfs-1.48.6-150500.3.8.1
    * lua-libguestfs-debuginfo-1.48.6-150500.3.8.1
    * perl-Sys-Guestfs-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-devel-1.48.6-150500.3.8.1
    * libguestfs-xfs-1.48.6-150500.3.8.1
    * ocaml-libguestfs-devel-1.48.6-150500.3.8.1
    * libguestfs-gobject-devel-1.48.6-150500.3.8.1
    * libguestfs-rescue-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-typelib-Guestfs-1_0-1.48.6-150500.3.8.1
    * ocaml-libguestfs-debuginfo-1.48.6-150500.3.8.1
    * rubygem-libguestfs-1.48.6-150500.3.8.1
    * libguestfs-debuginfo-1.48.6-150500.3.8.1
    * libguestfs0-1.48.6-150500.3.8.1
    * libguestfs-appliance-1.48.6-150500.3.8.1
    * libguestfsd-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-gobject-1_0-1.48.6-150500.3.8.1
    * libguestfs0-debuginfo-1.48.6-150500.3.8.1
    * python3-libguestfs-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-gobject-1_0-debuginfo-1.48.6-150500.3.8.1
    * libguestfs-rescue-1.48.6-150500.3.8.1
  * Server Applications Module 15-SP5 (noarch)
    * libguestfs-man-pages-ja-1.48.6-150500.3.8.1
    * libguestfs-man-pages-uk-1.48.6-150500.3.8.1
    * libguestfs-bash-completion-1.48.6-150500.3.8.1
    * libguestfs-inspect-icons-1.48.6-150500.3.8.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1212972
  * https://bugzilla.suse.com/show_bug.cgi?id=1215461
  * https://bugzilla.suse.com/show_bug.cgi?id=1215543
  * https://bugzilla.suse.com/show_bug.cgi?id=1215586
  * https://bugzilla.suse.com/show_bug.cgi?id=1215664

From sle-updates at lists.suse.com Mon Oct 16 12:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Oct 2023 12:30:06 -0000
Subject: SUSE-RU-2023:4087-1: important: Recommended update for s390-tools
Message-ID: <169745940610.17181.10337720063134268391@smelt2.prg2.suse.org>

# Recommended update for s390-tools

Announcement ID: SUSE-RU-2023:4087-1
Rating: important
References:
  * #1205528
Affected Products:
  * Basesystem Module 15-SP4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update for s390-tools fixes the following issues:

  * zgetdump: Trying to seek past file end "/dev/crash" (bsc#1205528)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4087=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4087=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4087=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4087=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4087=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
    * libekmfweb1-2.19.0-150400.7.24.1
    * s390-tools-debugsource-2.19.0-150400.7.24.1
    * libkmipclient1-2.19.0-150400.7.24.1
    * s390-tools-2.19.0-150400.7.24.1
    * s390-tools-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-debuginfo-2.19.0-150400.7.24.1
    * libkmipclient1-debuginfo-2.19.0-150400.7.24.1
  * SUSE Linux Enterprise Micro 5.3 (s390x)
    * libekmfweb1-2.19.0-150400.7.24.1
    * s390-tools-debugsource-2.19.0-150400.7.24.1
    * libkmipclient1-2.19.0-150400.7.24.1
    * s390-tools-2.19.0-150400.7.24.1
    * s390-tools-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-debuginfo-2.19.0-150400.7.24.1
    * libkmipclient1-debuginfo-2.19.0-150400.7.24.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
    * libekmfweb1-2.19.0-150400.7.24.1
    * s390-tools-debugsource-2.19.0-150400.7.24.1
    * libkmipclient1-2.19.0-150400.7.24.1
    * s390-tools-2.19.0-150400.7.24.1
    * s390-tools-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-debuginfo-2.19.0-150400.7.24.1
    * libkmipclient1-debuginfo-2.19.0-150400.7.24.1
  * SUSE Linux Enterprise Micro 5.4 (s390x)
    * libekmfweb1-2.19.0-150400.7.24.1
    * s390-tools-debugsource-2.19.0-150400.7.24.1
    * libkmipclient1-2.19.0-150400.7.24.1
    * s390-tools-2.19.0-150400.7.24.1
    * s390-tools-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-debuginfo-2.19.0-150400.7.24.1
    * libkmipclient1-debuginfo-2.19.0-150400.7.24.1
  * Basesystem Module 15-SP4 (s390x)
    * s390-tools-hmcdrvfs-2.19.0-150400.7.24.1
    * libekmfweb1-2.19.0-150400.7.24.1
    * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.24.1
    * s390-tools-debugsource-2.19.0-150400.7.24.1
    * s390-tools-zdsfs-2.19.0-150400.7.24.1
    * libkmipclient1-2.19.0-150400.7.24.1
    * s390-tools-2.19.0-150400.7.24.1
    * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.24.1
    * osasnmpd-2.19.0-150400.7.24.1
    * s390-tools-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-debuginfo-2.19.0-150400.7.24.1
    * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.24.1
    * libkmipclient1-debuginfo-2.19.0-150400.7.24.1
    * osasnmpd-debuginfo-2.19.0-150400.7.24.1
    * libekmfweb1-devel-2.19.0-150400.7.24.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1205528

From sle-updates at lists.suse.com Mon Oct 16 12:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Oct 2023 12:30:07 -0000
Subject: SUSE-RU-2023:4086-1: moderate: Recommended update for python310
Message-ID: <169745940731.17181.1217262401874586532@smelt2.prg2.suse.org>

# Recommended update for python310

Announcement ID: SUSE-RU-2023:4086-1
Rating: moderate
References:
Affected Products:
  * Python 3 Module 15-SP4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for python310 fixes the following issues:

  * Python documentation uses deprecated Sphinx index entries (https://github.com/python/cpython/issues/97950)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4086=1 ## Package List: * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python310-tools-3.10.13-150400.4.36.1 * python310-debugsource-3.10.13-150400.4.36.1 * libpython3_10-1_0-debuginfo-3.10.13-150400.4.36.1 * python310-3.10.13-150400.4.36.1 * python310-curses-debuginfo-3.10.13-150400.4.36.1 * libpython3_10-1_0-3.10.13-150400.4.36.1 * python310-dbm-debuginfo-3.10.13-150400.4.36.1 * python310-tk-debuginfo-3.10.13-150400.4.36.1 * python310-curses-3.10.13-150400.4.36.1 * python310-dbm-3.10.13-150400.4.36.1 * python310-devel-3.10.13-150400.4.36.1 * python310-base-3.10.13-150400.4.36.1 * python310-idle-3.10.13-150400.4.36.1 * python310-base-debuginfo-3.10.13-150400.4.36.1 * python310-tk-3.10.13-150400.4.36.1 * python310-debuginfo-3.10.13-150400.4.36.1 * python310-core-debugsource-3.10.13-150400.4.36.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4085-1: important: Security update for grub2 Message-ID: <169745940899.17181.13994061091559278101@smelt2.prg2.suse.org> # Security update for grub2 Announcement ID: SUSE-SU-2023:4085-1 Rating: important References: * #1204563 * #1215382 * #1215935 * #1215936 Cross-References: * CVE-2023-4692 * CVE-2023-4693 CVSS scores: * CVE-2023-4692 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has two security fixes can now be installed. 
## Description: This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information. (bsc#1215936) Other fixes: - Fix 'command not found' error of grub2-once (bsc#1204563, bsc#1215382) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4085=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4085=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4085=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * grub2-debuginfo-2.02-169.1 * grub2-2.02-169.1 * grub2-debugsource-2.02-169.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * grub2-arm64-efi-2.02-169.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-169.1 * grub2-snapper-plugin-2.02-169.1 * grub2-x86_64-xen-2.02-169.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-169.1 * grub2-i386-pc-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.02-169.1 * grub2-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * grub2-arm64-efi-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-169.1 * grub2-snapper-plugin-2.02-169.1 * grub2-x86_64-xen-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) *
grub2-powerpc-ieee1275-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * grub2-s390x-emu-2.02-169.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-169.1 * grub2-i386-pc-2.02-169.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * grub2-debuginfo-2.02-169.1 * grub2-2.02-169.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-169.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-169.1 * grub2-snapper-plugin-2.02-169.1 * grub2-x86_64-xen-2.02-169.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-169.1 * grub2-debugsource-2.02-169.1 * grub2-i386-pc-2.02-169.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4692.html * https://www.suse.com/security/cve/CVE-2023-4693.html * https://bugzilla.suse.com/show_bug.cgi?id=1204563 * https://bugzilla.suse.com/show_bug.cgi?id=1215382 * https://bugzilla.suse.com/show_bug.cgi?id=1215935 * https://bugzilla.suse.com/show_bug.cgi?id=1215936 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:10 -0000 Subject: SUSE-SU-2023:4084-1: important: Security update for netatalk Message-ID: <169745941086.17181.12284072625557360932@smelt2.prg2.suse.org> # Security update for netatalk Announcement ID: SUSE-SU-2023:4084-1 Rating: important References: * #1197576 Cross-References: * CVE-2022-22995 CVSS scores: * CVE-2022-22995 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-22995 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for netatalk fixes the following issues: * CVE-2022-22995: Fixed a flaw where combining primitives offered by SMB and AFP in their default configuration may allow an attacker to achieve arbitrary code execution. (bsc#1197576) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4084=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4084=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libatalk12-3.1.0-3.22.1 * netatalk-devel-3.1.0-3.22.1 * netatalk-debugsource-3.1.0-3.22.1 * netatalk-3.1.0-3.22.1 * libatalk12-debuginfo-3.1.0-3.22.1 * netatalk-debuginfo-3.1.0-3.22.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libatalk12-3.1.0-3.22.1 * netatalk-debugsource-3.1.0-3.22.1 * netatalk-3.1.0-3.22.1 * libatalk12-debuginfo-3.1.0-3.22.1 * netatalk-debuginfo-3.1.0-3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2022-22995.html * https://bugzilla.suse.com/show_bug.cgi?id=1197576 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4083-1: low: Security update for wireshark Message-ID: <169745941270.17181.9669839151948160847@smelt2.prg2.suse.org> # Security update for wireshark Announcement ID: SUSE-SU-2023:4083-1 Rating: low References: * #1215959 Cross-References: * CVE-2023-5371 CVSS scores: * CVE-2023-5371 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-5371 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux 
Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for wireshark fixes the following issues: Updated to version 3.6.17: * CVE-2023-5371: Fixed a memory leak issue in the RTPS dissector (bsc#1215959). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4083=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4083=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4083=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4083=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4083=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4083=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4083=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * wireshark-3.6.17-150000.3.103.1 * libwsutil13-3.6.17-150000.3.103.1 * libwiretap12-3.6.17-150000.3.103.1 * libwiretap12-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * libwsutil13-debuginfo-3.6.17-150000.3.103.1 * libwireshark15-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 *
libwireshark15-debuginfo-3.6.17-150000.3.103.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * wireshark-3.6.17-150000.3.103.1 * libwsutil13-3.6.17-150000.3.103.1 * libwiretap12-3.6.17-150000.3.103.1 * libwiretap12-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * libwsutil13-debuginfo-3.6.17-150000.3.103.1 * libwireshark15-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 * libwireshark15-debuginfo-3.6.17-150000.3.103.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * wireshark-3.6.17-150000.3.103.1 * libwsutil13-3.6.17-150000.3.103.1 * libwiretap12-3.6.17-150000.3.103.1 * libwiretap12-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * libwsutil13-debuginfo-3.6.17-150000.3.103.1 * libwireshark15-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 * libwireshark15-debuginfo-3.6.17-150000.3.103.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-3.6.17-150000.3.103.1 * libwsutil13-3.6.17-150000.3.103.1 * libwiretap12-3.6.17-150000.3.103.1 * libwiretap12-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * libwsutil13-debuginfo-3.6.17-150000.3.103.1 * libwireshark15-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 * libwireshark15-debuginfo-3.6.17-150000.3.103.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-3.6.17-150000.3.103.1 * libwsutil13-3.6.17-150000.3.103.1 * libwiretap12-3.6.17-150000.3.103.1 * libwiretap12-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * libwsutil13-debuginfo-3.6.17-150000.3.103.1 * libwireshark15-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 * libwireshark15-debuginfo-3.6.17-150000.3.103.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-3.6.17-150000.3.103.1 * wireshark-ui-qt-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * 
wireshark-debugsource-3.6.17-150000.3.103.1 * wireshark-devel-3.6.17-150000.3.103.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-3.6.17-150000.3.103.1 * wireshark-ui-qt-debuginfo-3.6.17-150000.3.103.1 * wireshark-debuginfo-3.6.17-150000.3.103.1 * wireshark-debugsource-3.6.17-150000.3.103.1 * wireshark-devel-3.6.17-150000.3.103.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5371.html * https://bugzilla.suse.com/show_bug.cgi?id=1215959 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:14 -0000 Subject: SUSE-RU-2023:4082-1: moderate: Recommended update for patterns-sap Message-ID: <169745941440.17181.7557231085306693851@smelt2.prg2.suse.org> # Recommended update for patterns-sap Announcement ID: SUSE-RU-2023:4082-1 Rating: moderate References: Affected Products: * SAP Business One Module 15-SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for patterns-sap fixes the following issues: * Providing two pattern names does not work. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Business One Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP4-2023-4082=1 ## Package List: * SAP Business One Module 15-SP4 (x86_64) * patterns-sap-hana-15.4-150400.3.5.1 * patterns-sap-bone-15.4-150400.3.5.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:17 -0000 Subject: SUSE-RU-2023:4080-1: moderate: Recommended update for yast2-sap-ha Message-ID: <169745941728.17181.5097164496881514522@smelt2.prg2.suse.org> # Recommended update for yast2-sap-ha Announcement ID: SUSE-RU-2023:4080-1 Rating: moderate References: * #1202112 * #1209204 Affected Products: * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has two fixes can now be installed. ## Description: This update for yast2-sap-ha fixes the following issues: * yast2-sap-ha for Cost-Opt scenario is not up-to-date with SR takeover in best practice guide (bsc#1209204) * yast2-sap-ha: csync2 configuration not enabled (bsc#1202112) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-4080=1 ## Package List: * SAP Applications Module 15-SP4 (noarch) * yast2-sap-ha-4.4.5-150400.13.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202112 * https://bugzilla.suse.com/show_bug.cgi?id=1209204 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:19 -0000 Subject: SUSE-RU-2023:4078-1: moderate: Recommended update for mcelog Message-ID: <169745941923.17181.14106193672712614743@smelt2.prg2.suse.org> # Recommended update for mcelog Announcement ID: SUSE-RU-2023:4078-1 Rating: moderate References: * PED-4218 * PED-4480 * PED-6021 * PED-6050 * PED-6102 * PED-6122 Affected Products: * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains six features can now be installed. ## Description: This update for mcelog fixes the following issue: * Update to version 195 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4078=1 ## Package List: * Basesystem Module 15-SP5 (x86_64) * mcelog-195-150500.3.3.1 * mcelog-debugsource-195-150500.3.3.1 * mcelog-debuginfo-195-150500.3.3.1 ## References: * https://jira.suse.com/browse/PED-4218 * https://jira.suse.com/browse/PED-4480 * https://jira.suse.com/browse/PED-6021 * https://jira.suse.com/browse/PED-6050 * https://jira.suse.com/browse/PED-6102 * https://jira.suse.com/browse/PED-6122 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 12:30:15 -0000 Subject: SUSE-RU-2023:4081-1: moderate: Recommended update for sap-installation-wizard Message-ID: <169745941573.17181.1515809974273313901@smelt2.prg2.suse.org> # Recommended update for sap-installation-wizard Announcement ID: SUSE-RU-2023:4081-1 Rating: moderate References: * #1214161 * #1215107 Affected Products: * SAP Business One Module 15-SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has two fixes can now be installed. ## Description: This update for sap-installation-wizard fixes the following issues: * Fixes an issue when SAP Installation Wizard stops after HANA installation due to wrong pattern name. (bsc#1214161) * Adjust HANA password policies to meet requirements of the changed SAP Business One password policies (bsc#1215107) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Business One Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP4-2023-4081=1 ## Package List: * SAP Business One Module 15-SP4 (x86_64) * sap-installation-wizard-4.4.11-150400.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214161 * https://bugzilla.suse.com/show_bug.cgi?id=1215107 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 20:30:03 -0000 Subject: SUSE-RU-2023:3978-2: moderate: Recommended update for nfs-utils Message-ID: <169748820372.19248.14150303051230694147@smelt2.prg2.suse.org> # Recommended update for nfs-utils Announcement ID: SUSE-RU-2023:3978-2 Rating: moderate References: * bsc#1157881 * bsc#1200710 * bsc#1209859 * bsc#1212594 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has four fixes can now be installed. ## Description: This update for nfs-utils fixes the following issues: * SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) * Avoid unhelpful warnings (bsc#1157881) * Fix rpc.nfsd man pages (bsc#1209859) * Cope better with duplicate entries in /etc/exports (bsc#1212594) * Allow scope to be set in sysconfig: NFSD_SCOPE ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3978=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * nfs-utils-debugsource-2.1.1-150500.22.3.1 * nfs-kernel-server-debuginfo-2.1.1-150500.22.3.1 * nfs-client-debuginfo-2.1.1-150500.22.3.1 * nfs-utils-debuginfo-2.1.1-150500.22.3.1 * nfs-client-2.1.1-150500.22.3.1 * nfs-kernel-server-2.1.1-150500.22.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1157881 * https://bugzilla.suse.com/show_bug.cgi?id=1200710 * https://bugzilla.suse.com/show_bug.cgi?id=1209859 * https://bugzilla.suse.com/show_bug.cgi?id=1212594 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 16 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 20:30:05 -0000 Subject: SUSE-RU-2023:3798-2: important: Recommended update for libcontainers-common Message-ID: <169748820506.19248.7032950032650005249@smelt2.prg2.suse.org> # Recommended update for libcontainers-common Announcement ID: SUSE-RU-2023:3798-2 Rating: important References: * bsc#1215291 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for libcontainers-common fixes the following issues: * Require libcontainers-sles-mounts for _all_ SLE products, and not just SLES. (bsc#1215291) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3798=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * libcontainers-sles-mounts-20230214-150500.4.6.1 * libcontainers-common-20230214-150500.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215291 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 16 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 20:30:06 -0000 Subject: SUSE-RU-2023:3716-2: moderate: Recommended update for libnvme, nvme-cli Message-ID: <169748820658.19248.1909833855288076672@smelt2.prg2.suse.org> # Recommended update for libnvme, nvme-cli Announcement ID: SUSE-RU-2023:3716-2 Rating: moderate References: * bsc#1213762 * bsc#1213993 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has two fixes can now be installed. 
## Description: This update for libnvme, nvme-cli fixes the following issues: * Update to version 1.4+29.ga3cf0a * Fix segfault in nvme_scan_subsystem() (bsc#1213993) * Fix segfault converting NULL to JSON string (bsc#1213762) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3716=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * nvme-cli-2.4+25.g367eb9-150500.4.9.1 * libnvme1-1.4+29.ga3cf0a-150500.4.9.1 * libnvme1-debuginfo-1.4+29.ga3cf0a-150500.4.9.1 * libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1 * libnvme-debugsource-1.4+29.ga3cf0a-150500.4.9.1 * libnvme-mi1-debuginfo-1.4+29.ga3cf0a-150500.4.9.1 * libnvme-debuginfo-1.4+29.ga3cf0a-150500.4.9.1 * nvme-cli-debugsource-2.4+25.g367eb9-150500.4.9.1 * nvme-cli-debuginfo-2.4+25.g367eb9-150500.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213762 * https://bugzilla.suse.com/show_bug.cgi?id=1213993 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 16 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Oct 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3666-2: important: Security update for libxml2 Message-ID: <169748820798.19248.10016069503714323610@smelt2.prg2.suse.org> # Security update for libxml2 Announcement ID: SUSE-SU-2023:3666-2 Rating: important References: * bsc#1214768 Cross-References: * CVE-2023-39615 CVSS scores: * CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. 
## Description: This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed a global buffer overflow that crafted XML could cause (bsc#1214768). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3666=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * python3-libxml2-2.10.3-150500.5.8.1 * python3-libxml2-debuginfo-2.10.3-150500.5.8.1 * libxml2-2-debuginfo-2.10.3-150500.5.8.1 * libxml2-tools-debuginfo-2.10.3-150500.5.8.1 * libxml2-tools-2.10.3-150500.5.8.1 * libxml2-debugsource-2.10.3-150500.5.8.1 * libxml2-python-debugsource-2.10.3-150500.5.8.1 * libxml2-2-2.10.3-150500.5.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39615.html * https://bugzilla.suse.com/show_bug.cgi?id=1214768 From sle-updates at lists.suse.com Tue Oct 17 07:02:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:02:51 +0200 (CEST) Subject: SUSE-CU-2023:3418-1: Security update of suse/sles12sp5 Message-ID: <20231017070251.AD491F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3418-1 Container Tags : suse/sles12sp5:6.5.523 , suse/sles12sp5:latest Container Release : 6.5.523 Severity : important Type : security References : 1214806 1215286 1215504 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sles12sp5 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4023-1 Released: Tue Oct 10 13:23:04 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4043-1 Released: Wed Oct 11 09:00:09 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4063-1 Released: Thu Oct 12 10:41:20 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1215286,1215504,CVE-2023-4813 This update of glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other issues fixed: - S390: Fix relocation of _nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860) - added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) The following package changes have been done: - glibc-2.22-114.31.1 updated - libcurl4-8.0.1-11.74.1 updated - shadow-4.2.1-36.6.1 updated From sle-updates at lists.suse.com Tue Oct 17 07:04:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:04:34 +0200 (CEST) Subject: SUSE-CU-2023:3419-1: Security update of suse/sle15 Message-ID: <20231017070434.45650F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory 
ID : SUSE-CU-2023:3419-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.829 Container Release : 6.2.829 Severity : moderate Type : security References : 1214806 1215286 1215505 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4025-1 Released: Tue Oct 10 13:41:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4047-1 Released: Wed Oct 11 10:40:26 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1215286,1215505,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) The following package changes have been done: - glibc-2.26-150000.13.70.1 updated - shadow-4.6-150100.3.11.1 updated From sle-updates at lists.suse.com Tue Oct 17 07:05:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:05:47 +0200 (CEST) Subject: SUSE-CU-2023:3420-1: Security update of suse/sle15 Message-ID: <20231017070547.EEEA6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3420-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.355 Container Release : 9.5.355 Severity : moderate Type : security References : 1214806 1215286 1215505 
1215889 CVE-2023-38546 CVE-2023-4641 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4025-1 Released: Tue Oct 10 13:41:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4047-1 Released: Wed Oct 11 10:40:26 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1215286,1215505,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) The following package changes have been done: - glibc-2.26-150000.13.70.1 updated - libcurl4-7.66.0-150200.4.60.1 updated - shadow-4.6-150100.3.11.1 updated From sle-updates at lists.suse.com Tue Oct 17 07:06:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:06:28 +0200 (CEST) Subject: SUSE-CU-2023:3421-1: Security update of bci/bci-init Message-ID: <20231017070628.8C6CFF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3421-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.4 Container Release : 30.4 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-27.14.107 updated From sle-updates at lists.suse.com Tue Oct 17 07:06:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:06:41 +0200 (CEST) Subject: SUSE-CU-2023:3422-1: Recommended update of bci/bci-minimal Message-ID: <20231017070641.9DE06F417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3422-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.5 Container Release : 24.5 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:micro-image-15.4.0-23.1 updated From sle-updates at lists.suse.com Tue Oct 17 07:07:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:07:07 +0200 (CEST) Subject: SUSE-CU-2023:3423-1: Security update of bci/nodejs Message-ID: <20231017070707.7DE4AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3423-1 Container Tags : bci/node:16 , bci/node:16-18.3 , bci/nodejs:16 , bci/nodejs:16-18.3 Container Release : 18.3 Severity : important Type : security References : 1186606 1194038 1194609 1194900 1195391 1201519 1201627 1204844 1205161 1206627 1207534 1207778 1208194 1208721 1209229 1209741 1210004 1210702 1210999 1211078 1211407 1211418 1211419 1211576 1211604 1211605 1211606 1211607 1211828 1211829 1212260 1212434 1212574 1212579 1212581 1212582 1212583 1212623 1212819 1212910 1213185 1213189 1213237 1213240 1213487 1213514 1213517 1213575 1213853 1213873 1214052 1214054 1214140 1214150 1214154 1214156 1214768 1214806 1215026 1215533 1215713 1215888 1215889 CVE-2022-41409 CVE-2022-4304 CVE-2023-22652 CVE-2023-2602 CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-31484 CVE-2023-32001 CVE-2023-32002 CVE-2023-32006 CVE-2023-32067 CVE-2023-32181 CVE-2023-32559 CVE-2023-3446 CVE-2023-35945 CVE-2023-36054 
CVE-2023-38039 CVE-2023-3817 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4641 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2663-1 Released: Tue Jun 27 20:27:00 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1211407,1211604,1211605,1211606,1211607,1212574,1212579,1212581,1212582,1212583,CVE-2023-30581,CVE-2023-30585,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). 
- CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). - CVE-2023-30588: Fixed process interruption due to invalid Public Key information in x509 certificates (bsc#1212581). - CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). - CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). - CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). - CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). - CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: - Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have led to build failures on some platforms, like s390x in Factory. (bsc#1211407) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found.
[bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. 
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3379-1 Released: Tue Aug 22 18:36:01 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1214150,1214154,1214156,CVE-2023-32002,CVE-2023-32006,CVE-2023-32559 This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. 
(bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already 
exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. 
(bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.58.1 updated - perl-base-5.26.1-150300.17.14.1 updated - libnghttp2-14-1.40.0-150200.9.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.20.1 updated - krb5-1.19.2-150400.3.6.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - util-linux-2.37.2-150400.8.20.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - nodejs16-16.20.2-150400.3.24.1 updated - 
npm16-16.20.2-150400.3.24.1 updated - git-core-2.35.3-150300.10.30.1 updated - container:sles15-image-15.0.0-27.14.107 updated - libcbor0-0.5.0-150100.4.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libfido2-1-1.5.0-1.30 removed - libfido2-udev-1.5.0-1.30 removed - libudev1-249.16-150400.8.28.3 removed - openssh-clients-8.4p1-150300.3.18.2 removed - openssh-common-8.4p1-150300.3.18.2 removed - openssh-fips-8.4p1-150300.3.18.2 removed From sle-updates at lists.suse.com Tue Oct 17 07:08:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:08:26 +0200 (CEST) Subject: SUSE-CU-2023:3430-1: Recommended update of bci/bci-init Message-ID: <20231017070826.A582DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3430-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.12 , bci/bci-init:latest Container Release : 10.12 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 07:08:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:08:30 +0200 (CEST) Subject: SUSE-CU-2023:3431-1: Recommended update of bci/bci-minimal Message-ID: <20231017070830.6999FF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3431-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.4 , bci/bci-minimal:latest Container Release : 13.4 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Tue Oct 17 07:08:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 09:08:39 +0200 (CEST) Subject: SUSE-CU-2023:3432-1: Recommended update of suse/sle15 Message-ID: <20231017070839.5F687F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3432-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.43 , suse/sle15:15.5 , suse/sle15:15.5.36.5.43 Container Release : 36.5.43 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Tue Oct 17 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 08:30:06 -0000 Subject: SUSE-SU-2023:4093-1: important: Security update for the Linux Kernel Message-ID: <169753140666.6138.13953491792127267799@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4093-1 Rating: important References: * bsc#1202845 * bsc#1213808 * bsc#1214928 * bsc#1214940 * bsc#1214941 * bsc#1214942 * bsc#1214943 * bsc#1214944 * bsc#1214950 * bsc#1214951 * bsc#1214954 * bsc#1214957 * bsc#1214986 * bsc#1214988 * bsc#1214992 * bsc#1214993 * bsc#1215322 * bsc#1215877 * bsc#1215894 * bsc#1215895 * bsc#1215896 * bsc#1215911 * bsc#1215915 * bsc#1215916 Cross-References: * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-39192 * CVE-2023-39193 * CVE-2023-39194 * CVE-2023-4155 * CVE-2023-42753 * CVE-2023-42754 * CVE-2023-4389 * CVE-2023-4563 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 * CVE-2023-5345 CVSS scores: * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L * CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N * CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE 
Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 17 vulnerabilities and has seven security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). 
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). 
* gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. * kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). 
* KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). 
* net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). * NFS/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). * platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). 
* platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * pNFS: Fix assignment of xprtdata.cred (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). 
* scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). 
* tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). 
* watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). 
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4093=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4093=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4093=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4093=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4093=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4093=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.56.1 * kernel-rt-debugsource-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.56.1 * kernel-rt-debugsource-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.56.1 * kernel-rt-debugsource-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.56.1 * 
kernel-rt-debugsource-5.14.21-150400.15.56.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_14-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_56-rt-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_56-rt-debuginfo-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.56.1 * dlm-kmp-rt-5.14.21-150400.15.56.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.56.1 * kernel-rt-devel-5.14.21-150400.15.56.1 * cluster-md-kmp-rt-5.14.21-150400.15.56.1 * gfs2-kmp-rt-5.14.21-150400.15.56.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.56.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.56.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.56.1 * kernel-rt_debug-devel-5.14.21-150400.15.56.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.56.1 * ocfs2-kmp-rt-5.14.21-150400.15.56.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.56.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.56.1 * kernel-syms-rt-5.14.21-150400.15.56.1 * kernel-rt-debugsource-5.14.21-150400.15.56.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.56.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.56.1 * kernel-source-rt-5.14.21-150400.15.56.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.56.1 * kernel-rt-5.14.21-150400.15.56.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * 
https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214940 * https://bugzilla.suse.com/show_bug.cgi?id=1214941 * https://bugzilla.suse.com/show_bug.cgi?id=1214942 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Tue Oct 17 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 08:30:08 -0000 Subject: SUSE-SU-2023:4092-1: moderate: Security update for python-Django Message-ID: <169753140866.6138.2747409650234654091@smelt2.prg2.suse.org> # Security update for python-Django Announcement ID: SUSE-SU-2023:4092-1 Rating: moderate References: * bsc#1215978 Cross-References: * CVE-2023-43665 CVSS scores: * CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: An update that solves one vulnerability can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-43665: Fixed a denial of service in django.utils.text.Truncator (bsc#1215978). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: ## Package List: ## References: * https://www.suse.com/security/cve/CVE-2023-43665.html * https://bugzilla.suse.com/show_bug.cgi?id=1215978 
From sle-updates at lists.suse.com Tue Oct 17 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 08:30:10 -0000 Subject: SUSE-SU-2023:4091-1: important: Security update for python-gevent Message-ID: <169753141055.6138.6591938929648036735@smelt2.prg2.suse.org> # Security update for python-gevent Announcement ID: SUSE-SU-2023:4091-1 Rating: important References: * bsc#1215469 Cross-References: * CVE-2023-41419 CVSS scores: * CVE-2023-41419 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-41419 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-gevent fixes the following issues: * CVE-2023-41419: Fixed an HTTP request smuggling issue (bsc#1215469). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4091=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4091=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4091=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4091=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4091=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4091=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4091=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4091=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4091=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4091=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4091=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4091=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4091=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4091=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4091=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4091=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Enterprise Storage 7.1 
(aarch64 x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE CaaS Platform 4.0 (x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 
python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python2-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * python2-gevent-1.2.2-150000.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * 
python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Manager Proxy 4.2 (x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-debuginfo-1.2.2-150000.5.3.1 * python3-gevent-1.2.2-150000.5.3.1 * python-gevent-debugsource-1.2.2-150000.5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41419.html * https://bugzilla.suse.com/show_bug.cgi?id=1215469 From sle-updates at lists.suse.com Tue Oct 17 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 08:30:12 -0000 Subject: SUSE-SU-2023:4090-1: important: Security update for libcue Message-ID: <169753141267.6138.6331023448325982787@smelt2.prg2.suse.org> # Security update for libcue Announcement ID: SUSE-SU-2023:4090-1 Rating: important References: * bsc#1215728 Cross-References: * CVE-2023-43641 CVSS scores: * CVE-2023-43641 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43641 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 
15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libcue fixes the following issues: * CVE-2023-43641: Fixed a buffer overflow while parsing a malicious file (bsc#1215728). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4090=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4090=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4090=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4090=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4090=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4090=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4090=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4090=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4090=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4090=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4090=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4090=1 ## Package List: * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * 
libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libcue-debugsource-2.1.0-150000.3.3.1 * libcue-devel-2.1.0-150000.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libcue-debugsource-2.1.0-150000.3.3.1 * libcue-devel-2.1.0-150000.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libcue2-2.1.0-150000.3.3.1 * libcue-debugsource-2.1.0-150000.3.3.1 * libcue2-debuginfo-2.1.0-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43641.html * https://bugzilla.suse.com/show_bug.cgi?id=1215728 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 12:30:02 -0000 Subject: SUSE-RU-2023:4094-1: important: Recommended update for fwupd Message-ID: <169754580231.19937.1528478458884633497@smelt2.prg2.suse.org> # Recommended update for fwupd Announcement ID: SUSE-RU-2023:4094-1 Rating: important References: * bsc#1212211 Affected Products: * Desktop Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for fwupd fixes the following issues: * fwupd/FuEngine failure messages in /var/log/messages in SLES15 SP5 (bsc#1212211) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4094=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-Fwupd-2_0-1.8.6-150500.4.3.1 * libfwupd2-debuginfo-1.8.6-150500.4.3.1 * fwupd-debugsource-1.8.6-150500.4.3.1 * fwupd-1.8.6-150500.4.3.1 * libfwupd2-1.8.6-150500.4.3.1 * fwupd-devel-1.8.6-150500.4.3.1 * fwupd-debuginfo-1.8.6-150500.4.3.1 * Desktop Applications Module 15-SP5 (noarch) * fwupd-bash-completion-1.8.6-150500.4.3.1 * fwupd-lang-1.8.6-150500.4.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212211 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 15:21:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:21:45 +0200 (CEST) Subject: SUSE-CU-2023:3434-1: Security update of bci/python Message-ID: <20231017152145.44FC3F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3434-1 Container Tags : bci/python:3 , bci/python:3-16.4 , bci/python:3.10 , bci/python:3.10-16.4 Container Release : 16.4 Severity : important Type : security References : 1173407 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. 
(jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4086-1 Released: Mon Oct 16 12:48:13 2023 Summary: Recommended update for python310 Type: recommended Severity: moderate References: This update for python310 fixes the following issues: - Python documentation uses deprecated Sphinx index entries (https://github.com/python/cpython/issues/97950) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - curl-8.0.1-150400.5.32.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.16.1 added - libpython3_10-1_0-3.10.13-150400.4.36.1 updated - python310-base-3.10.13-150400.4.36.1 updated - python310-3.10.13-150400.4.36.1 updated - python310-devel-3.10.13-150400.4.36.1 updated - container:sles15-image-15.0.0-27.14.107 updated From sle-updates at lists.suse.com Tue Oct 17 15:21:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:21:50 +0200 (CEST) Subject: SUSE-CU-2023:3435-1: Recommended update of bci/golang Message-ID: 
<20231017152150.3DFEDF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3435-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.11 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.11 Container Release : 7.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:22:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:22:06 +0200 (CEST) Subject: SUSE-CU-2023:3436-1: Recommended update of bci/openjdk-devel Message-ID: <20231017152206.352B3F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3436-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.26 Container Release : 10.26 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:bci-openjdk-11-15.5.11-11.12 updated From sle-updates at lists.suse.com Tue Oct 17 15:22:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:22:20 +0200 (CEST) Subject: SUSE-CU-2023:3437-1: Recommended update of bci/openjdk Message-ID: <20231017152220.03AD5F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3437-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.12 , bci/openjdk:latest Container Release : 12.12 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:22:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:22:32 +0200 (CEST) Subject: SUSE-CU-2023:3438-1: Recommended update of bci/php-apache Message-ID: <20231017152232.3CE00F417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3438-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.11 Container Release : 8.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:22:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:22:44 +0200 (CEST) Subject: SUSE-CU-2023:3439-1: Recommended update of bci/php Message-ID: <20231017152244.8185DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3439-1 Container Tags : bci/php:8 , bci/php:8-8.10 Container Release : 8.10 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:22:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:22:58 +0200 (CEST) Subject: SUSE-CU-2023:3440-1: Recommended update of bci/python Message-ID: <20231017152258.C026DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3440-1 Container Tags : bci/python:3 , bci/python:3-12.6 , bci/python:3.11 , bci/python:3.11-12.6 , bci/python:latest Container Release : 12.6 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:23:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:23:12 +0200 (CEST) Subject: SUSE-CU-2023:3441-1: Recommended update of bci/python Message-ID: <20231017152312.55A76F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3441-1 Container Tags : bci/python:3 , bci/python:3-14.6 , bci/python:3.6 , bci/python:3.6-14.6 Container Release : 14.6 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:23:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:23:25 +0200 (CEST) Subject: SUSE-CU-2023:3442-1: Recommended update of bci/ruby Message-ID: <20231017152325.C1FF9F417@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3442-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.10 , bci/ruby:2.5 , bci/ruby:2.5-12.10 , bci/ruby:latest Container Release : 12.10 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Tue Oct 17 15:23:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 17:23:38 +0200 (CEST) Subject: SUSE-CU-2023:3443-1: Recommended update of bci/rust Message-ID: <20231017152338.ABF26F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3443-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.2 Container Release : 2.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4067-1 Released: Thu Oct 12 20:05:00 2023 Summary: Recommended update for rust, rust1.73 Type: recommended Severity: moderate References: This update for rust, rust1.73 fixes the following issues: Changes in rust1.73: Version 1.73.0 (2023-10-05) ========================== Language -------- - Uplift clippy::fn_null_check lint as useless_ptr_null_checks. - Make noop_method_call warn by default. - Support interpolated block for try and async in macros. - Make unconditional_recursion lint detect recursive drops. 
- Future compatibility warning for some impls being incorrectly considered not overlapping. - The invalid_reference_casting lint is now **deny-by-default** (instead of allow-by-default) Compiler -------- - Write version information in a .comment section like GCC/Clang. - Add documentation on v0 symbol mangling. - Stabilize extern 'thiscall' and 'thiscall-unwind' ABIs. - Only check outlives goals on impl compared to trait. - Infer type in irrefutable slice patterns with fixed length as array. - Discard default auto trait impls if explicit ones exist. - Add several new tier 3 targets: - aarch64-unknown-teeos - csky-unknown-linux-gnuabiv2 - riscv64-linux-android - riscv64gc-unknown-hermit - x86_64-unikraft-linux-musl - x86_64-unknown-linux-ohos - Add wasm32-wasi-preview1-threads as a tier 2 target. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Add Read, Write and Seek impls for Arc. - Merge functionality of io::Sink into io::Empty. - Implement RefUnwindSafe for Backtrace - Make ExitStatus implement Default - impl SliceIndex for (Bound, Bound) - Change default panic handler message format. - Cleaner assert_eq! & assert_ne! panic messages. - Correct the (deprecated) Android stat struct definitions. 
Stabilized APIs --------------- - Unsigned {integer}::div_ceil https://doc.rust-lang.org/stable/std/primitive.u32.html#method.div_ceil - Unsigned {integer}::next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.next_multiple_of - Unsigned {integer}::checked_next_multiple_of https://doc.rust-lang.org/stable/std/primitive.u32.html#method.checked_next_multiple_of - std::ffi::FromBytesUntilNulError https://doc.rust-lang.org/stable/std/ffi/struct.FromBytesUntilNulError.html - std::os::unix::fs::chown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.chown.html - std::os::unix::fs::fchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.fchown.html - std::os::unix::fs::lchown https://doc.rust-lang.org/stable/std/os/unix/fs/fn.lchown.html - LocalKey::<Cell<T>>::get https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.get - LocalKey::<Cell<T>>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set - LocalKey::<Cell<T>>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take - LocalKey::<Cell<T>>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace - LocalKey::<RefCell<T>>::with_borrow https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow - LocalKey::<RefCell<T>>::with_borrow_mut https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.with_borrow_mut - LocalKey::<RefCell<T>>::set https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.set-1 - LocalKey::<RefCell<T>>::take https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.take-1 - LocalKey::<RefCell<T>>::replace https://doc.rust-lang.org/stable/std/thread/struct.LocalKey.html#method.replace-1 These APIs are now stable in const contexts: - rc::Weak::new https://doc.rust-lang.org/stable/alloc/rc/struct.Weak.html#method.new - sync::Weak::new https://doc.rust-lang.org/stable/alloc/sync/struct.Weak.html#method.new - NonNull::as_ref 
https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.as_ref Cargo ----- - Encode URL params correctly for SourceId in Cargo.lock. - Bail out an error when using cargo:: in custom build script. Compatibility Notes ------------------- - Update the minimum external LLVM to 15. - Check for non-defining uses of return position impl Trait. Changes in rust: - Update to version 1.73.0 - for details see the rust1.73 package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - rust1.73-1.73.0-150400.9.3.1 added - cargo1.73-1.73.0-150400.9.3.1 added - container:sles15-image-15.0.0-36.5.43 updated - cargo1.72-1.72.1-150400.9.6.1 removed - rust1.72-1.72.1-150400.9.6.1 removed From sle-updates at lists.suse.com Tue Oct 17 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4104-1: important: Security update for opensc Message-ID: <169756020292.25356.12741028150241772374@smelt2.prg2.suse.org> # Security update for opensc Announcement ID: SUSE-SU-2023:4104-1 Rating: important References: * bsc#1215761 * bsc#1215762 Cross-References: * CVE-2023-40660 * CVE-2023-40661 CVSS scores: * CVE-2023-40660 ( SUSE ): 7.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2023-40661 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance 
Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). * CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4104=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4104=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4104=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4104=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4104=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4104=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4104=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4104=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4104=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4104=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4104=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4104=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4104=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4104=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4104=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4104=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4104=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * 
opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Manager Proxy 4.2 (x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE CaaS Platform 4.0 (x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.25.1 * opensc-0.19.0-150100.3.25.1 * opensc-debuginfo-0.19.0-150100.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40660.html * https://www.suse.com/security/cve/CVE-2023-40661.html * https://bugzilla.suse.com/show_bug.cgi?id=1215761 * https://bugzilla.suse.com/show_bug.cgi?id=1215762 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4103-1: important: Security update for buildah Message-ID: <169756020518.25356.4320589938978523714@smelt2.prg2.suse.org> # Security update for buildah Announcement ID: SUSE-SU-2023:4103-1 Rating: important References: * bsc#1212475 * bsc#1216005 Affected Products: * Containers Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two security fixes can now be installed. ## Description: This update of buildah fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4103=1 ## Package List: * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150500.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216005 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:07 -0000 Subject: SUSE-SU-2023:4102-1: important: Security update for nghttp2 Message-ID: <169756020709.25356.5049761200848918533@smelt2.prg2.suse.org> # Security update for nghttp2 Announcement ID: SUSE-SU-2023:4102-1 Rating: important References: * bsc#1215713 Cross-References: * CVE-2023-35945 CVSS scores: * CVE-2023-35945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4102=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4102=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4102=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-14-1.40.0-150000.3.14.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-devel-1.40.0-150000.3.14.1 * libnghttp2_asio-devel-1.40.0-150000.3.14.1 * nghttp2-debugsource-1.40.0-150000.3.14.1 * nghttp2-debuginfo-1.40.0-150000.3.14.1 * libnghttp2_asio1-1.40.0-150000.3.14.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.14.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.14.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-14-1.40.0-150000.3.14.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-devel-1.40.0-150000.3.14.1 * libnghttp2_asio-devel-1.40.0-150000.3.14.1 * nghttp2-debugsource-1.40.0-150000.3.14.1 * nghttp2-debuginfo-1.40.0-150000.3.14.1 * libnghttp2_asio1-1.40.0-150000.3.14.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.14.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-14-1.40.0-150000.3.14.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-devel-1.40.0-150000.3.14.1 * libnghttp2_asio-devel-1.40.0-150000.3.14.1 * nghttp2-debugsource-1.40.0-150000.3.14.1 * nghttp2-debuginfo-1.40.0-150000.3.14.1 * libnghttp2_asio1-1.40.0-150000.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libnghttp2-14-32bit-1.40.0-150000.3.14.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.14.1 * SUSE CaaS Platform 4.0 (x86_64) * libnghttp2-14-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-14-1.40.0-150000.3.14.1 * libnghttp2_asio1-debuginfo-1.40.0-150000.3.14.1 * libnghttp2-devel-1.40.0-150000.3.14.1 * 
nghttp2-debuginfo-1.40.0-150000.3.14.1 * libnghttp2_asio-devel-1.40.0-150000.3.14.1 * nghttp2-debugsource-1.40.0-150000.3.14.1 * libnghttp2-14-32bit-1.40.0-150000.3.14.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150000.3.14.1 * libnghttp2_asio1-1.40.0-150000.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35945.html * https://bugzilla.suse.com/show_bug.cgi?id=1215713 From sle-updates at lists.suse.com Tue Oct 17 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4101-1: important: Security update for conmon Message-ID: <169756020887.25356.5208358958102191736@smelt2.prg2.suse.org> # Security update for conmon Announcement ID: SUSE-SU-2023:4101-1 Rating: important References: * bsc#1215806 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one security fix can now be installed. ## Description: This update for conmon fixes the following issues: conmon is rebuilt with the current stable release go1.21 (bsc#1215806) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4101=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4101=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4101=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4101=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4101=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4101=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4101=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4101=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * conmon-2.1.5-150300.8.14.1 * conmon-debuginfo-2.1.5-150300.8.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * conmon-2.1.5-150300.8.14.1 * 
conmon-debuginfo-2.1.5-150300.8.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215806 From sle-updates at lists.suse.com Tue Oct 17 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:11 -0000 Subject: SUSE-RU-2023:4100-1: moderate: Recommended update for buildah Message-ID: <169756021102.25356.4908242947854499222@smelt2.prg2.suse.org> # Recommended update for buildah Announcement ID: SUSE-RU-2023:4100-1 Rating: moderate References: * bsc#1216005 * jsc#PED-1805 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that contains one feature and has one fix can now be installed. ## Description: This update for buildah fixes the following issues: Update to version 1.29.1: * Update to c/image 5.24.1 Update to version 1.29.0: * tests: improve build-with-network-test * Flake 3710 has been closed. Reenable the test. 
* [CI:DOCS] Fix two diversity issues in a tutorial * vendor in latest containers/(storage, common, image) * fix bud-multiple-platform-with-base-as-default-arg flake * stage_executor: while mounting stages use freshly built stage * vendor in latest containers/(storage, common, image, ocicrypt) * [Itests: change the runtime-flag test for crun * [CI:DOCS] README: drop sudo * Fix multi-arch manifest-list build timeouts * Cirrus: Update VM Images * bud: Consolidate multiple synthetic LABEL instructions * build, secret: allow relative mountpoints wrt to work dir * fixed squash documentation * system tests: remove unhelpful assertions * buildah: add prune command and expose CleanCacheMount API * Add support for --group-add to buildah from * Add documentation for buildah build --pull=missing * parse: default ignorefile must not point to symlink outside context * buildah: wrap network setup errors * build, mount: allow relative mountpoints wrt to work dir * Update contact information * Replace io/ioutil calls with os calls * remote-cache: support multiple sources and destinations * Update c/storage after https://github.com/containers/storage/pull/1436 * util.SortMounts(): make the returned order more stable * mount=type=cache: separate cache parent on host for each user * Fix installation instructions for Gentoo Linux * GHA: Reuse both cirrus rerun and check workflows * Vendor in latest containers/(common,image,storage) * copier.Put(): clear up os/syscall mode bit confusion * Use TypeBind consistently to name bind/nullfs mounts * Add no-new-privileges flag * Update vendor of containers/(common, image, storage) * imagebuildah:build with --all-platforms must honor args for base images * codespell code * Expand args and env when using --all-platforms * GHA: Simplify Cirrus-Cron check slightly * Stop using ubi8 * remove unnecessary (hence misleading) rmi * chroot: fix mounting of ro bind mounts * executor: honor default ARG value while eval base name * userns: add arbitrary 
steps/stage to --userns=auto test * Don't set allow.mount in the vnet jail on Freebsd * copier: Preserve file flags when copying archives on FreeBSD * Remove quiet flag, so that it works in podman-remote * test: fix preserve rootfs with --mount for podman-remote * test: fix prune logic for cache-from after adding content summary * vendor in latest containers/(storage, common, image) * Fix RUN --mount=type=bind,from= not preserving rootfs of stage * Define and use a safe, reliable test image * Fix word missing in Container Tools Guide * Makefile: Use $(MAKE) to start sub-makes in install.tools * imagebuildah: pull cache from remote repo after adding content summary * Makefile: Fix install on FreeBSD * Ensure the cache volume locks are unlocked on all paths * Vendor in latest containers/(common,storage) * Simplify the interface of GetCacheMount and getCacheMount * Fix cache locks with multiple mounts * Remove calls to Lockfile.Locked() * Maintain cache mount locks as lock objects instead of paths * test: cleaning cache must not clean lockfiles * run: honor lockfiles for multiple --mount instruction * mount,cache: lockfiles must not be part of users cache content * Update vendor containers/(common,image,storage) * [CI:BUILD] copr: buildah rpm should depend on containers-common-extra * pr-should-include-tests: allow specfile, golangci * Update vendor containers/(common,image,storage) * sshagent: LockOSThread before setting SocketLabel * Update tests for error message changes * Update c/image after https://github.com/containers/image/pull/1299 * Fix ident for dependabot gha block * Fix man pages to match latest cobra settings * test: retrofit 'bud with undefined build arg directory' * imagebuildah: warnOnUnsetBuildArgs while processing stages from executor * Update contrib/buildahimage/Containerfile * Cirrus CI add flavor parameter * Correction - `FLAVOR` not `FLAVOUR` * Changed build argument from `RELEASE` to `FLAVOUR` * Combine buildahimage Containerfiles * bud.bats 
refactoring: $TEST_SCRATCH_DIR, part 2 of 2 * bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2 * System test cleanup: document, clarify, fix * test: removing unneeded/expensive COPY * test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM * buildah is also rebuilt against go1.21. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4100=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4100=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4100=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4100=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4100=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * buildah-1.29.1-150300.8.17.53 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * buildah-1.29.1-150300.8.17.53 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150300.8.17.53 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * buildah-1.29.1-150300.8.17.53 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * buildah-1.29.1-150300.8.17.53 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216005 * https://jira.suse.com/browse/PED-1805 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:12 -0000 Subject: SUSE-SU-2023:4099-1: moderate: Security update for buildah Message-ID: <169756021258.25356.1697873031723529540@smelt2.prg2.suse.org> # Security update for buildah Announcement ID: SUSE-SU-2023:4099-1 Rating: moderate References: * bsc#1202812 * bsc#1216005 Cross-References: * CVE-2022-2990 CVSS scores: * CVE-2022-2990 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2022-2990 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for buildah fixes the following issues: * CVE-2022-2990: Fixed a flaw which might allow sensitive information disclosure or possible data modification. (bsc#1202812) * buildah is also rebuilt against go1.21. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4099=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4099=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4099=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4099=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4099=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4099=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-4099=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE Enterprise Storage 7 (aarch64 x86_64) * buildah-1.25.1-150100.3.20.15 * SUSE CaaS Platform 4.0 (x86_64) * buildah-1.25.1-150100.3.20.15 ## References: * https://www.suse.com/security/cve/CVE-2022-2990.html * https://bugzilla.suse.com/show_bug.cgi?id=1202812 * https://bugzilla.suse.com/show_bug.cgi?id=1216005 From sle-updates at lists.suse.com Tue Oct 17 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4098-1: important: Security update for buildah Message-ID: <169756021438.25356.8093606854465276056@smelt2.prg2.suse.org> # Security update for buildah Announcement ID: SUSE-SU-2023:4098-1 Rating: important References: * bsc#1212475 * bsc#1216005 Affected Products: * Containers Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. 
## Description: This update of buildah fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4098=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150400.3.22.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216005 From sle-updates at lists.suse.com Tue Oct 17 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:16 -0000 Subject: SUSE-SU-2023:4097-1: important: Security update for suse-module-tools Message-ID: <169756021668.25356.14903215102570102917@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4097-1 Rating: important References: * bsc#1205767 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability, contains one feature and has one security fix can now be installed. 
## Description: This update for suse-module-tools fixes the following issues: * Updated to version 15.2.18: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). * Fixed a build issue for s390x. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4097=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4097=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4097=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.2.18-150200.4.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * suse-module-tools-15.2.18-150200.4.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * suse-module-tools-15.2.18-150200.4.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://jira.suse.com/browse/PED-5731 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 17 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:18 -0000 Subject: SUSE-SU-2023:4096-1: important: Security update for samba Message-ID: <169756021888.25356.5459977122258786846@smelt2.prg2.suse.org> # Security update for samba Announcement ID: SUSE-SU-2023:4096-1 Rating: important References: * bsc#1215904 * bsc#1215905 * bsc#1215908 Cross-References: * CVE-2023-4091 * CVE-2023-4154 * CVE-2023-42669 CVSS scores: * CVE-2023-4091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4154 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42669 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) * CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. 
(bsc#1215908) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4096=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4096=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4096=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4096=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4096=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4096=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4096=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4096=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4096=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4096=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4096=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Manager Proxy 4.2 (x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-ad-dc-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Manager Server 4.2 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * ctdb-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * ctdb-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Enterprise Storage 7.1 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ctdb-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * ctdb-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-python3-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-debugsource-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-gpupdate-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-tool-4.15.13+git.691.3d3cea0641-150300.3.63.1 * libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-python3-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-dsdb-modules-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ceph-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * samba-client-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-devel-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-client-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.691.3d3cea0641-150300.3.63.1 * 
samba-libs-32bit-4.15.13+git.691.3d3cea0641-150300.3.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4091.html * https://www.suse.com/security/cve/CVE-2023-4154.html * https://www.suse.com/security/cve/CVE-2023-42669.html * https://bugzilla.suse.com/show_bug.cgi?id=1215904 * https://bugzilla.suse.com/show_bug.cgi?id=1215905 * https://bugzilla.suse.com/show_bug.cgi?id=1215908 From sle-updates at lists.suse.com Tue Oct 17 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Oct 2023 16:30:24 -0000 Subject: SUSE-SU-2023:4095-1: important: Security update for the Linux Kernel Message-ID: <169756022481.25356.10086137814389550224@smelt2.prg2.suse.org> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:4095-1 Rating: important References: * bsc#1176588 * bsc#1202845 * bsc#1207036 * bsc#1207270 * bsc#1208995 * bsc#1210169 * bsc#1210643 * bsc#1210658 * bsc#1212703 * bsc#1213812 * bsc#1214233 * bsc#1214351 * bsc#1214380 * bsc#1214386 * bsc#1215115 * bsc#1215117 * bsc#1215150 * bsc#1215221 * bsc#1215275 * bsc#1215299 * bsc#1215322 * bsc#1215356 Cross-References: * CVE-2020-36766 * CVE-2023-1192 * CVE-2023-1206 * CVE-2023-1859 * CVE-2023-2177 * CVE-2023-23454 * CVE-2023-4004 * CVE-2023-40283 * CVE-2023-42753 * CVE-2023-4389 * CVE-2023-4622 * CVE-2023-4623 * CVE-2023-4881 * CVE-2023-4921 CVSS scores: * CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H *
CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux 
Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 14 vulnerabilities and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) * CVE-2023-4389: Fixed a double decrement of the reference count flaw in the btrfs filesystem, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) * CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-4004: Fixed improper element removal in netfilter nft_set_pipapo (bsc#1213812). * CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leak one byte of kernel memory on specific hardware to unprivileged users.
(bsc#1215299) * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) * CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * locking/rwsem: Disable reader optimistic spinning (bnc#1176588). * mkspec: Allow unsupported KMPs (bsc#1214386) * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate") (bsc#1215356). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4095=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4095=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4095=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4095=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4095=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4095=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4095=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4095=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4095=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4095=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4095=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4095=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4095=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.3.18-150300.59.138.1 * kernel-default-livepatch-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * kernel-livepatch-5_3_18-150300_59_138-default-1-150300.7.5.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.3.18-150300.59.138.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.138.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.138.1 *
ocfs2-kmp-default-5.3.18-150300.59.138.1 * dlm-kmp-default-5.3.18-150300.59.138.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * gfs2-kmp-default-5.3.18-150300.59.138.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-64kb-debugsource-5.3.18-150300.59.138.1 * kernel-64kb-devel-5.3.18-150300.59.138.1 * kernel-64kb-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-obs-build-5.3.18-150300.59.138.1 * kernel-obs-build-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-syms-5.3.18-150300.59.138.1 * reiserfs-kmp-default-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.138.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-source-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-64kb-debugsource-5.3.18-150300.59.138.1 * kernel-64kb-devel-5.3.18-150300.59.138.1 * kernel-64kb-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-obs-build-5.3.18-150300.59.138.1 * kernel-obs-build-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-syms-5.3.18-150300.59.138.1 * reiserfs-kmp-default-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.138.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-source-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-64kb-debugsource-5.3.18-150300.59.138.1 * 
kernel-64kb-devel-5.3.18-150300.59.138.1 * kernel-64kb-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-obs-build-5.3.18-150300.59.138.1 * kernel-obs-build-debugsource-5.3.18-150300.59.138.1 * kernel-syms-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * reiserfs-kmp-default-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-source-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-5.3.18-150300.59.138.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.138.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * 
kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-obs-build-5.3.18-150300.59.138.1 * kernel-obs-build-debugsource-5.3.18-150300.59.138.1 * kernel-syms-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * reiserfs-kmp-default-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-source-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-5.3.18-150300.59.138.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * kernel-default-5.3.18-150300.59.138.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * kernel-default-5.3.18-150300.59.138.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * 
kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.138.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-64kb-debugsource-5.3.18-150300.59.138.1 * kernel-64kb-devel-5.3.18-150300.59.138.1 * kernel-64kb-debuginfo-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.138.1 * kernel-default-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-default-devel-5.3.18-150300.59.138.1 * 
kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * kernel-obs-build-5.3.18-150300.59.138.1 * kernel-obs-build-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-debuginfo-5.3.18-150300.59.138.1 * kernel-preempt-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-5.3.18-150300.59.138.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.138.1 * kernel-syms-5.3.18-150300.59.138.1 * reiserfs-kmp-default-5.3.18-150300.59.138.1 * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.138.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-devel-5.3.18-150300.59.138.1 * kernel-source-5.3.18-150300.59.138.1 * kernel-macros-5.3.18-150300.59.138.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.138.1 * kernel-default-debuginfo-5.3.18-150300.59.138.1 ## 
References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://bugzilla.suse.com/show_bug.cgi?id=1176588 * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1210643 * https://bugzilla.suse.com/show_bug.cgi?id=1210658 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214351 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215150 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215356
From sle-updates at lists.suse.com Wed Oct 18 07:02:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:02:34 +0200 (CEST) Subject: SUSE-CU-2023:3444-1: Security update of suse/pcp Message-ID: <20231018070234.AE364F417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3444-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.149 , suse/pcp:5.2 , suse/pcp:5.2-17.149 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.149 Container Release : 17.149 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. 
(bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:bci-bci-init-15.4-15.4-30.4 updated From sle-updates at lists.suse.com Wed Oct 18 07:02:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:02:43 +0200 (CEST) Subject: SUSE-CU-2023:3445-1: Security update of suse/postgres Message-ID: <20231018070243.A936FF417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3445-1 Container Tags : suse/postgres:14 , suse/postgres:14-23.3 , suse/postgres:14.9 , suse/postgres:14.9-23.3 Container Release : 23.3 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-27.14.107 updated From sle-updates at lists.suse.com Wed Oct 18 07:02:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:02:52 +0200 (CEST) Subject: SUSE-CU-2023:3446-1: Recommended update of suse/389-ds Message-ID: <20231018070252.42BA6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3446-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.13 , suse/389-ds:latest Container Release : 16.13 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Wed Oct 18 07:03:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:03:01 +0200 (CEST) Subject: SUSE-CU-2023:3447-1: Security update of bci/golang Message-ID: <20231018070301.AA5B7F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3447-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.13 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.13 Container Release : 4.13 Severity : important Type : security References : 1212475 1216109 CVE-2023-39325 CVE-2023-44487 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4069-1 Released: Fri Oct 13 10:09:29 2023 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1216109,CVE-2023-39325,CVE-2023-44487 This update for go1.21 fixes the following issues: - Update to go1.21.3 (bsc#1212475) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. 
(bsc#1216109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - go1.21-doc-1.21.3-150000.1.12.1 updated - go1.21-1.21.3-150000.1.12.1 updated - go1.21-race-1.21.3-150000.1.12.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Wed Oct 18 07:03:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:03:05 +0200 (CEST) Subject: SUSE-CU-2023:3448-1: Security update of suse/nginx Message-ID: <20231018070305.D83BCF417@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3448-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.12 , suse/nginx:latest Container Release : 5.12 Severity : important Type : security References : 1214806 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-4641 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - login_defs-4.8.1-150400.10.12.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - shadow-4.8.1-150400.10.12.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Wed Oct 18 07:03:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:03:15 +0200 (CEST) Subject: SUSE-CU-2023:3449-1: Recommended update of suse/pcp Message-ID: <20231018070315.AFEBFF417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3449-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.25 , suse/pcp:5.2 , suse/pcp:5.2-15.25 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.25 , suse/pcp:latest Container Release : 15.25 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:bci-bci-init-15.5-15.5-10.12 updated From sle-updates at lists.suse.com Wed Oct 18 07:03:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:03:23 +0200 (CEST) Subject: SUSE-CU-2023:3450-1: Recommended update of suse/postgres Message-ID: <20231018070323.6E21EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3450-1 Container Tags : suse/postgres:15 , suse/postgres:15-11.11 , suse/postgres:15.4 , suse/postgres:15.4-11.11 , suse/postgres:latest Container Release : 11.11 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-36.5.43 updated From sle-updates at lists.suse.com Wed Oct 18 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:3451-1: Security update of bci/rust Message-ID: <20231018070333.5D88DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3451-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.2 , bci/rust:oldstable , bci/rust:oldstable-2.2.2 Container Release : 2.2 Severity : moderate Type : security References : 1214689 1215834 CVE-2023-40030 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3722-1 Released: Thu Sep 21 10:53:20 2023 Summary: Security update for rust, rust1.72 Type: security Severity: moderate References: 1214689,CVE-2023-40030 This update for rust, rust1.72 fixes the following issues: Changes in rust: - Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: - CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689) Version 1.72.0 (2023-08-24) ========================== Language -------- - Replace const eval limit by a lint and add an exponential backoff warning - expand: Change how `#![cfg(FALSE)]` behaves on crate root - Stabilize inline asm for LoongArch64 - Uplift `clippy::undropped_manually_drops` lint - Uplift `clippy::invalid_utf8_in_unchecked` lint - Uplift `clippy::cast_ref_to_mut` lint - Uplift `clippy::cmp_nan` lint - resolve: Remove artificial import ambiguity errors - Don't require associated types with Self: Sized bounds in `dyn Trait` objects Compiler -------- - Remember names of `cfg`-ed out items to mention them in diagnostics - Support for native WASM exceptions - Add support for NetBSD/aarch64-be (big-endian arm64). - Write to stdout if `-` is given as output file - Force all native libraries to be statically linked when linking a static binary - Add Tier 3 support for `loongarch64-unknown-none*` - Prevent `.eh_frame` from being emitted for `-C panic=abort` - Support 128-bit enum variant in debuginfo codegen - compiler: update solaris/illumos to enable tsan support. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Document memory orderings of `thread::{park, unpark}` - io: soften 'at most one write attempt' 
requirement in io::Write::write - Specify behavior of HashSet::insert - Relax implicit `T: Sized` bounds on `BufReader`, `BufWriter` and `LineWriter` - Update runtime guarantee for `select_nth_unstable` - Return `Ok` on kill if process has already exited - Implement PartialOrd for `Vec`s over different allocators - Use 128 bits for TypeId hash - Don't drain-on-drop in DrainFilter impls of various collections. - Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata Rustdoc ------- - Allow whitespace as path separator like double colon - Add search result item types after their name - Search for slices and arrays by type with `[]` - Clean up type unification and 'unboxing' Stabilized APIs --------------- - `impl Sync for mpsc::Sender` - `impl TryFrom<&OsStr> for &str` - `String::leak` These APIs are now stable in const contexts: - `CStr::from_bytes_with_nul` - `CStr::to_bytes` - `CStr::to_bytes_with_nul` - `CStr::to_str` Cargo ----- - Enable `-Zdoctest-in-workspace` by default. When running each documentation test, the working directory is set to the root directory of the package the test belongs to. - Add support of the 'default' keyword to reset previously set `build.jobs` parallelism back to the default. Compatibility Notes ------------------- - Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses - Cargo changed feature name validation check to a hard error. The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, so this should only impact users of other registries, or people who don't publish to a registry. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3993-1 Released: Fri Oct 6 12:04:30 2023 Summary: Recommended update for rust1.72 Type: recommended Severity: moderate References: 1215834 This update for rust1.72 fixes the following issues: - use gcc12 instead of gcc11 (bsc#1215834) Version 1.72.1 (2023-09-19) =========================== - Adjust codegen change to improve LLVM codegen - rustdoc: Fix self ty params in objects with lifetimes - Fix regression in compile times - Resolve some ICE regressions in the compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.3.1 updated - libasan8-12.3.0+git1204-150000.1.16.1 added - libtsan2-12.3.0+git1204-150000.1.16.1 added - cpp12-12.3.0+git1204-150000.1.16.1 added - gcc12-12.3.0+git1204-150000.1.16.1 added - rust1.72-1.72.1-150400.9.6.1 added - cargo1.72-1.72.1-150400.9.6.1 added - container:sles15-image-15.0.0-36.5.43 updated - cargo1.71-1.71.1-150400.9.6.1 removed - cpp11-11.3.0+git1637-150000.1.11.2 removed - gcc11-11.3.0+git1637-150000.1.11.2 removed - libasan6-11.3.0+git1637-150000.1.11.2 removed - libtsan0-11.3.0+git1637-150000.1.11.2 removed - rust1.71-1.71.1-150400.9.6.1 removed From sle-updates at lists.suse.com Wed Oct 18 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 08:30:02 -0000 Subject: SUSE-RU-2023:4106-1: moderate: Recommended update for suseconnect-ng Message-ID: <169761780264.15104.6486274139728248260@smelt2.prg2.suse.org> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:4106-1 Rating: moderate References: * bsc#1170267 * bsc#1212799 
* bsc#1214781 * jsc#PED-3571 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that contains one feature and has three fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: This update ships suseconnect-ng, the SUSEConnect replacement, to SUSE Linux Enterprise 15 SP1, SP2, and SP3. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-4106=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4106=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4106=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4106=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4106=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4106=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-4106=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4106=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4106=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4106=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4106=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4106=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4106=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4106=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4106=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4106=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4106=1 * SUSE
CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server 15 SP1 (noarch) * yast2-registration-4.1.27-150100.3.17.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server 15 SP2 (noarch) * yast2-registration-4.2.48-150200.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * yast2-registration-4.1.27-150100.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * yast2-registration-4.2.48-150200.3.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * 
suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * yast2-registration-4.1.27-150100.3.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * 
suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * yast2-registration-4.2.48-150200.3.17.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * yast2-registration-4.1.27-150100.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * yast2-registration-4.2.48-150200.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * 
suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Manager Proxy 4.2 (x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Manager Proxy 4.2 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Manager Server 4.2 (noarch) * yast2-registration-4.3.27-150300.3.17.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE Enterprise Storage 7.1 (noarch) * yast2-registration-4.3.27-150300.3.17.1 
* SUSE CaaS Platform 4.0 (x86_64) * suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ng-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-debuginfo-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150100.3.9.1 * SUSE CaaS Platform 4.0 (noarch) * yast2-registration-4.1.27-150100.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1170267 * https://bugzilla.suse.com/show_bug.cgi?id=1212799 * https://bugzilla.suse.com/show_bug.cgi?id=1214781 * https://jira.suse.com/browse/PED-3571 From sle-updates at lists.suse.com Wed Oct 18 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4105-1: moderate: Recommended update for openssl-1_1 Message-ID: <169761780430.15104.11357455930149103166@smelt2.prg2.suse.org> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:4105-1 Rating: moderate References: * bsc#1215215 Affected Products: * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Displays "fips" in the version string (bsc#1215215) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4105=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4105=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.19.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.19.1 * openssl-1_1-debugsource-1.1.1l-150500.17.19.1 * openssl-1_1-1.1.1l-150500.17.19.1 * libopenssl1_1-1.1.1l-150500.17.19.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.19.1 * libopenssl1_1-hmac-1.1.1l-150500.17.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.19.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.19.1 * openssl-1_1-debugsource-1.1.1l-150500.17.19.1 * openssl-1_1-1.1.1l-150500.17.19.1 * libopenssl1_1-1.1.1l-150500.17.19.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.19.1 * libopenssl1_1-hmac-1.1.1l-150500.17.19.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.19.1 * libopenssl1_1-32bit-1.1.1l-150500.17.19.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215215
From sle-updates at lists.suse.com Wed Oct 18 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:01 -0000 Subject: SUSE-SU-2023:4114-1: important: Security update for slurm Message-ID: <169763220195.9933.15020411948230422936@smelt2.prg2.suse.org> # Security update for slurm Announcement ID: SUSE-SU-2023:4114-1 Rating: important References: * bsc#1208810 * bsc#1216207 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm fixes the following issues: * CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4114=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4114=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * slurm-plugins-20.11.9-150300.4.9.1 * libpmi0-debuginfo-20.11.9-150300.4.9.1 * slurm-doc-20.11.9-150300.4.9.1 * slurm-webdoc-20.11.9-150300.4.9.1 * libpmi0-20.11.9-150300.4.9.1 * slurm-munge-debuginfo-20.11.9-150300.4.9.1 * slurm-auth-none-debuginfo-20.11.9-150300.4.9.1 * slurm-rest-debuginfo-20.11.9-150300.4.9.1 * slurm-20.11.9-150300.4.9.1 * slurm-lua-20.11.9-150300.4.9.1 * slurm-slurmdbd-20.11.9-150300.4.9.1 * slurm-node-debuginfo-20.11.9-150300.4.9.1 * slurm-sview-debuginfo-20.11.9-150300.4.9.1 * slurm-node-20.11.9-150300.4.9.1 * libnss_slurm2-20.11.9-150300.4.9.1 * slurm-pam_slurm-20.11.9-150300.4.9.1 * slurm-rest-20.11.9-150300.4.9.1 * slurm-pam_slurm-debuginfo-20.11.9-150300.4.9.1 * slurm-munge-20.11.9-150300.4.9.1 * slurm-config-20.11.9-150300.4.9.1 * perl-slurm-20.11.9-150300.4.9.1 * slurm-auth-none-20.11.9-150300.4.9.1 * perl-slurm-debuginfo-20.11.9-150300.4.9.1 * slurm-torque-20.11.9-150300.4.9.1 * slurm-sql-20.11.9-150300.4.9.1 * slurm-debugsource-20.11.9-150300.4.9.1 * slurm-config-man-20.11.9-150300.4.9.1 * libnss_slurm2-debuginfo-20.11.9-150300.4.9.1 * libslurm36-20.11.9-150300.4.9.1 * slurm-plugins-debuginfo-20.11.9-150300.4.9.1 * slurm-torque-debuginfo-20.11.9-150300.4.9.1 * slurm-devel-20.11.9-150300.4.9.1 * slurm-debuginfo-20.11.9-150300.4.9.1 * libslurm36-debuginfo-20.11.9-150300.4.9.1 * slurm-sview-20.11.9-150300.4.9.1 * slurm-sql-debuginfo-20.11.9-150300.4.9.1 * slurm-lua-debuginfo-20.11.9-150300.4.9.1 * slurm-slurmdbd-debuginfo-20.11.9-150300.4.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 
slurm-plugins-20.11.9-150300.4.9.1 * libpmi0-debuginfo-20.11.9-150300.4.9.1 * slurm-doc-20.11.9-150300.4.9.1 * slurm-webdoc-20.11.9-150300.4.9.1 * libpmi0-20.11.9-150300.4.9.1 * slurm-munge-debuginfo-20.11.9-150300.4.9.1 * slurm-auth-none-debuginfo-20.11.9-150300.4.9.1 * slurm-rest-debuginfo-20.11.9-150300.4.9.1 * slurm-20.11.9-150300.4.9.1 * slurm-lua-20.11.9-150300.4.9.1 * slurm-slurmdbd-20.11.9-150300.4.9.1 * slurm-node-debuginfo-20.11.9-150300.4.9.1 * slurm-sview-debuginfo-20.11.9-150300.4.9.1 * slurm-node-20.11.9-150300.4.9.1 * libnss_slurm2-20.11.9-150300.4.9.1 * slurm-pam_slurm-20.11.9-150300.4.9.1 * slurm-rest-20.11.9-150300.4.9.1 * slurm-pam_slurm-debuginfo-20.11.9-150300.4.9.1 * slurm-munge-20.11.9-150300.4.9.1 * slurm-config-20.11.9-150300.4.9.1 * perl-slurm-20.11.9-150300.4.9.1 * slurm-auth-none-20.11.9-150300.4.9.1 * perl-slurm-debuginfo-20.11.9-150300.4.9.1 * slurm-torque-20.11.9-150300.4.9.1 * slurm-sql-20.11.9-150300.4.9.1 * slurm-debugsource-20.11.9-150300.4.9.1 * slurm-config-man-20.11.9-150300.4.9.1 * libnss_slurm2-debuginfo-20.11.9-150300.4.9.1 * libslurm36-20.11.9-150300.4.9.1 * slurm-plugins-debuginfo-20.11.9-150300.4.9.1 * slurm-torque-debuginfo-20.11.9-150300.4.9.1 * slurm-devel-20.11.9-150300.4.9.1 * slurm-debuginfo-20.11.9-150300.4.9.1 * libslurm36-debuginfo-20.11.9-150300.4.9.1 * slurm-sview-20.11.9-150300.4.9.1 * slurm-sql-debuginfo-20.11.9-150300.4.9.1 * slurm-lua-debuginfo-20.11.9-150300.4.9.1 * slurm-slurmdbd-debuginfo-20.11.9-150300.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207
From sle-updates at lists.suse.com Wed Oct 18 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4113-1: important: Security update for slurm Message-ID: <169763220395.9933.387777181417061511@smelt2.prg2.suse.org> # Security update for slurm Announcement ID: SUSE-SU-2023:4113-1 Rating: important References: * bsc#1208810 * bsc#1216207 Cross-References: * CVE-2023-41914 CVSS scores: * CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for slurm fixes the following issues: * CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4113=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * slurm_20_11-config-man-20.11.9-150100.3.19.1 * slurm_20_11-devel-20.11.9-150100.3.19.1 * slurm_20_11-torque-20.11.9-150100.3.19.1 * libnss_slurm2_20_11-20.11.9-150100.3.19.1 * perl-slurm_20_11-20.11.9-150100.3.19.1 * slurm_20_11-doc-20.11.9-150100.3.19.1 * slurm_20_11-node-20.11.9-150100.3.19.1 * slurm_20_11-munge-20.11.9-150100.3.19.1 * slurm_20_11-slurmdbd-20.11.9-150100.3.19.1 * libslurm36-20.11.9-150100.3.19.1 * slurm_20_11-lua-20.11.9-150100.3.19.1 * slurm_20_11-20.11.9-150100.3.19.1 * slurm_20_11-plugins-20.11.9-150100.3.19.1 * slurm_20_11-sview-20.11.9-150100.3.19.1 * slurm_20_11-sql-20.11.9-150100.3.19.1 * slurm_20_11-webdoc-20.11.9-150100.3.19.1 * slurm_20_11-auth-none-20.11.9-150100.3.19.1 * slurm_20_11-pam_slurm-20.11.9-150100.3.19.1 * libpmi0_20_11-20.11.9-150100.3.19.1 * slurm_20_11-config-20.11.9-150100.3.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41914.html * https://bugzilla.suse.com/show_bug.cgi?id=1208810 * https://bugzilla.suse.com/show_bug.cgi?id=1216207
From sle-updates at lists.suse.com Wed Oct 18 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:06 -0000 Subject: SUSE-RU-2023:4112-1: moderate: Recommended update for open-vm-tools Message-ID: <169763220612.9933.2628768021610312521@smelt2.prg2.suse.org> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:4112-1 Rating: moderate References: * bsc#1205927 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed.
## Description: This update for open-vm-tools fixes the following issue: * Ship correct open-vm-tools version to 15-SP4 (bsc#1205927) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4112=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4112=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4112=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4112=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4112=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4112=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4112=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4112=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4112=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4112=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4112=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4112=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4112=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4112=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4112=1 * SUSE Manager Server 4.2 zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4112=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4112=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4112=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4112=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4112=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * 
open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.40.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * Basesystem Module 15-SP5 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * open-vm-tools-salt-minion-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Linux Enterprise 
High Performance Computing LTSS 15 SP3 (x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * open-vm-tools-salt-minion-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Manager Proxy 4.2 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * 
open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Manager Server 4.2 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Enterprise Storage 7.1 (x86_64) * open-vm-tools-containerinfo-12.3.0-150300.40.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.40.1 * open-vm-tools-desktop-12.3.0-150300.40.1 * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-sdmp-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * open-vm-tools-salt-minion-12.3.0-150300.40.1 * libvmtools-devel-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * 
open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * libvmtools0-12.3.0-150300.40.1 * open-vm-tools-12.3.0-150300.40.1 * libvmtools0-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debuginfo-12.3.0-150300.40.1 * open-vm-tools-debugsource-12.3.0-150300.40.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205927 From sle-updates at lists.suse.com Wed Oct 18 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:07 -0000 Subject: SUSE-RU-2023:4111-1: moderate: Recommended update for lame Message-ID: <169763220756.9933.16536730292486730900@smelt2.prg2.suse.org> # Recommended update for lame Announcement ID: SUSE-RU-2023:4111-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. 
## Description: This update for lame fixes the following issues: * Add a pkg-config file for libmp3lame ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4111=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4111=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4111=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4111=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4111=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4111=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4111=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4111=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4111=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libmp3lame0-3.100-150000.3.5.1 * libmp3lame0-debuginfo-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmp3lame0-3.100-150000.3.5.1 * libmp3lame0-debuginfo-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libmp3lame-devel-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmp3lame-devel-3.100-150000.3.5.1 * 
lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * lame-debugsource-3.100-150000.3.5.1 * lame-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * lame-debugsource-3.100-150000.3.5.1 * lame-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * SUSE Manager Proxy 4.2 (x86_64) * libmp3lame0-3.100-150000.3.5.1 * libmp3lame0-debuginfo-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libmp3lame0-3.100-150000.3.5.1 * libmp3lame0-debuginfo-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libmp3lame0-3.100-150000.3.5.1 * libmp3lame0-debuginfo-3.100-150000.3.5.1 * lame-debuginfo-3.100-150000.3.5.1 * lame-debugsource-3.100-150000.3.5.1 
From sle-updates at lists.suse.com Wed Oct 18 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4110-1: important: Security update for glibc Message-ID: <169763220965.9933.2790955153183537165@smelt2.prg2.suse.org> # Security update for glibc Announcement ID: SUSE-SU-2023:4110-1 Rating: important References: * bsc#1215286 * bsc#1215891 Cross-References: * CVE-2023-4813 CVSS scores: * CVE-2023-4813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4813 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 
4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: * elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4110=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4110=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4110=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4110=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4110=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4110=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4110=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4110=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4110=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4110=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4110=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4110=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4110=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4110=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4110=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4110=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4110=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4110=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4110=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4110=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * 
glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * Basesystem Module 15-SP4 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * Basesystem Module 15-SP4 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * Basesystem Module 15-SP5 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * Basesystem Module 15-SP5 (x86_64) * 
glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * glibc-utils-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * Development Tools Module 15-SP4 (x86_64) * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * glibc-utils-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * Development Tools Module 15-SP5 (x86_64) * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * glibc-locale-2.31-150300.63.1 * glibc-utils-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 
15 SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * glibc-locale-2.31-150300.63.1 * glibc-utils-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-utils-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * 
glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * glibc-locale-2.31-150300.63.1 * glibc-utils-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * SUSE Manager Proxy 4.2 (x86_64) * glibc-locale-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * 
glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Manager Proxy 4.2 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * glibc-locale-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Manager Server 4.2 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE 
Manager Server 4.2 (x86_64) * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * glibc-locale-2.31-150300.63.1 * glibc-utils-2.31-150300.63.1 * glibc-extra-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-utils-debuginfo-2.31-150300.63.1 * glibc-utils-src-debugsource-2.31-150300.63.1 * glibc-devel-debuginfo-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-extra-debuginfo-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * nscd-2.31-150300.63.1 * glibc-devel-static-2.31-150300.63.1 * glibc-profile-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * nscd-debuginfo-2.31-150300.63.1 * SUSE Enterprise Storage 7.1 (noarch) * glibc-info-2.31-150300.63.1 * glibc-lang-2.31-150300.63.1 * glibc-i18ndata-2.31-150300.63.1 * SUSE Enterprise Storage 7.1 (x86_64) * glibc-32bit-debuginfo-2.31-150300.63.1 * glibc-devel-32bit-2.31-150300.63.1 * glibc-locale-base-32bit-2.31-150300.63.1 * glibc-devel-32bit-debuginfo-2.31-150300.63.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.63.1 * glibc-32bit-2.31-150300.63.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * glibc-locale-base-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * glibc-locale-2.31-150300.63.1 * 
glibc-locale-base-2.31-150300.63.1 * glibc-debugsource-2.31-150300.63.1 * glibc-devel-2.31-150300.63.1 * glibc-debuginfo-2.31-150300.63.1 * glibc-2.31-150300.63.1 * glibc-locale-base-debuginfo-2.31-150300.63.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4813.html * https://bugzilla.suse.com/show_bug.cgi?id=1215286 * https://bugzilla.suse.com/show_bug.cgi?id=1215891 From sle-updates at lists.suse.com Wed Oct 18 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4109-1: critical: Security update for erlang Message-ID: <169763221227.9933.10849108097475305043@smelt2.prg2.suse.org> # Security update for erlang Announcement ID: SUSE-SU-2023:4109-1 Rating: critical References: * bsc#1205318 * jsc#PED-6209 Cross-References: * CVE-2022-37026 CVSS scores: * CVE-2022-37026 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2022-37026 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE 
Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for erlang fixes the following issues: * Updated to version 23.3.4.19 (jsc#PED-6209): * CVE-2022-37026: Complete a previous insufficient fix for an authentication bypass (bsc#1205318). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4109=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4109=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4109=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4109=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4109=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4109=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4109=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4109=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4109=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4109=1 ## Package List: * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * 
erlang-epmd-23.3.4.19-150300.3.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Manager Proxy 4.2 (x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Manager Server 4.2 (ppc64le s390x 
x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * erlang-epmd-debuginfo-23.3.4.19-150300.3.11.1 * erlang-23.3.4.19-150300.3.11.1 * erlang-debugsource-23.3.4.19-150300.3.11.1 * erlang-debuginfo-23.3.4.19-150300.3.11.1 * erlang-epmd-23.3.4.19-150300.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2022-37026.html * https://bugzilla.suse.com/show_bug.cgi?id=1205318 * https://jira.suse.com/browse/PED-6209 From sle-updates at lists.suse.com Wed Oct 18 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4108-1: moderate: Security update for python-urllib3 Message-ID: <169763221452.9933.5993365277998503486@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4108-1 Rating: moderate References: * bsc#1215968 Cross-References: * CVE-2023-43804 CVSS scores: * CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 
* SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4108=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4108=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4108=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4108=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4108=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4108=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4108=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4108=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4108=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4108=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4108=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4108=1 * SUSE Manager Proxy 4.2 
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4108=1

## Package List:

* SUSE Manager Retail Branch Server 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Manager Server 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* Basesystem Module 15-SP4 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* Basesystem Module 15-SP5 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1
* SUSE Manager Proxy 4.2 (noarch)
  * python3-urllib3-1.25.10-150300.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215968

From sle-updates at lists.suse.com Wed Oct 18 12:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 12:30:18 -0000
Subject: SUSE-RU-2023:4107-1: moderate: Recommended update for docker
Message-ID: <169763221874.9933.8369048378722610950@smelt2.prg2.suse.org>

# Recommended update for docker

Announcement ID: SUSE-RU-2023:4107-1
Rating: moderate

References:
* bsc#1208074
* bsc#1210141
* bsc#1210797
* bsc#1211578
* bsc#1212368
* bsc#1213120
* bsc#1213229
* bsc#1213500
* bsc#1215323

Affected Products:
* Containers Module 12
* SUSE Linux Enterprise Desktop 12
* SUSE Linux Enterprise Desktop 12 SP1
* SUSE Linux Enterprise Desktop 12 SP2
* SUSE Linux Enterprise Desktop 12 SP3
* SUSE Linux Enterprise Desktop 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
* SUSE Manager Client Tools for SLE 12

An update that has nine fixes can now be installed.

## Description:

This update for docker fixes the following issues:

Update to Docker 24.0.6-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2406. bsc#1215323

* Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141

Update to Docker 24.0.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2405. bsc#1213229

Update to Docker 24.0.4-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2404. bsc#1213500

Update to Docker 24.0.3-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2403. bsc#1213120

* Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function.
* Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)

Update to Docker 24.0.2-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2402. bsc#1212368

* Includes the upstreamed fix for the mount table pollution issue. bsc#1210797
* Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package.

Update to Docker 23.0.6-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/23.0/#2306. bsc#1211578

Update to Docker 23.0.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/23.0/#2305.

Update to Docker 23.0.4-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/23.0/#2304. bsc#1208074

* Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux.
* Allow to install container-selinux instead of apparmor-parser.
* Change to using systemd-sysusers

runc was updated to 1.1.9:

* Update to runc v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9

containerd was updated to 1.7.7:

* Update to containerd v1.7.7. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.7
* Update to containerd v1.7.6 for Docker v24.0.6-ce. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323
* Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 12
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-4107=1
* Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2023-4107=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4107=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4107=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4107=1

## Package List:

* SUSE Manager Client Tools for SLE 12 (noarch)
  * sysuser-shadow-2.0-1.7.1
* Containers Module 12 (ppc64le s390x x86_64)
  * runc-debuginfo-1.1.9-16.37.1
  * docker-24.0.6_ce-98.100.2
  * docker-debuginfo-24.0.6_ce-98.100.2
  * containerd-1.7.7-16.85.1
  * runc-1.1.9-16.37.1
* Containers Module 12 (noarch)
  * sysuser-shadow-2.0-1.7.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * sysuser-shadow-2.0-1.7.1
  * sysuser-tools-2.0-1.7.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * sysuser-shadow-2.0-1.7.1
  * sysuser-tools-2.0-1.7.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * sysuser-shadow-2.0-1.7.1
  * sysuser-tools-2.0-1.7.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208074
* https://bugzilla.suse.com/show_bug.cgi?id=1210141
* https://bugzilla.suse.com/show_bug.cgi?id=1210797
* https://bugzilla.suse.com/show_bug.cgi?id=1211578
* https://bugzilla.suse.com/show_bug.cgi?id=1212368
* https://bugzilla.suse.com/show_bug.cgi?id=1213120
* https://bugzilla.suse.com/show_bug.cgi?id=1213229
* https://bugzilla.suse.com/show_bug.cgi?id=1213500
* https://bugzilla.suse.com/show_bug.cgi?id=1215323

From sle-updates at lists.suse.com Wed Oct 18 16:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:04 -0000
Subject: SUSE-RU-2023:4052-2: moderate: Recommended update for babeltrace
Message-ID: <169764660477.32197.9091665407034076809@smelt2.prg2.suse.org>

# Recommended update for babeltrace

Announcement ID: SUSE-RU-2023:4052-2
Rating: moderate

References:
* bsc#1209275

Affected Products:
* SUSE Linux Enterprise Micro 5.5

An update that has one fix can now be installed.

## Description:

This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4052=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * babeltrace-1.5.8-150300.3.2.1
  * babeltrace-debugsource-1.5.8-150300.3.2.1
  * babeltrace-debuginfo-1.5.8-150300.3.2.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209275

From sle-updates at lists.suse.com Wed Oct 18 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:06 -0000
Subject: SUSE-SU-2023:4121-1: important: Security update for slurm
Message-ID: <169764660626.32197.3509546564669639076@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4121-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4121=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * slurm-torque-18.08.9-150100.3.25.1
  * slurm-lua-debuginfo-18.08.9-150100.3.25.1
  * perl-slurm-18.08.9-150100.3.25.1
  * slurm-auth-none-debuginfo-18.08.9-150100.3.25.1
  * slurm-pam_slurm-18.08.9-150100.3.25.1
  * perl-slurm-debuginfo-18.08.9-150100.3.25.1
  * slurm-node-debuginfo-18.08.9-150100.3.25.1
  * slurm-slurmdbd-debuginfo-18.08.9-150100.3.25.1
  * slurm-plugins-debuginfo-18.08.9-150100.3.25.1
  * slurm-sql-18.08.9-150100.3.25.1
  * slurm-plugins-18.08.9-150100.3.25.1
  * slurm-munge-debuginfo-18.08.9-150100.3.25.1
  * slurm-torque-debuginfo-18.08.9-150100.3.25.1
  * slurm-18.08.9-150100.3.25.1
  * slurm-config-18.08.9-150100.3.25.1
  * slurm-sview-18.08.9-150100.3.25.1
  * slurm-doc-18.08.9-150100.3.25.1
  * slurm-devel-18.08.9-150100.3.25.1
  * slurm-node-18.08.9-150100.3.25.1
  * slurm-lua-18.08.9-150100.3.25.1
  * slurm-auth-none-18.08.9-150100.3.25.1
  * slurm-munge-18.08.9-150100.3.25.1
  * slurm-pam_slurm-debuginfo-18.08.9-150100.3.25.1
  * slurm-debuginfo-18.08.9-150100.3.25.1
  * slurm-slurmdbd-18.08.9-150100.3.25.1
  * slurm-sql-debuginfo-18.08.9-150100.3.25.1
  * libpmi0-18.08.9-150100.3.25.1
  * slurm-debugsource-18.08.9-150100.3.25.1
  * libslurm33-debuginfo-18.08.9-150100.3.25.1
  * libslurm33-18.08.9-150100.3.25.1
  * slurm-sview-debuginfo-18.08.9-150100.3.25.1
  * libpmi0-debuginfo-18.08.9-150100.3.25.1
  * slurm-config-man-18.08.9-150100.3.25.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:08 -0000
Subject: SUSE-SU-2023:4120-1: important: Security update for slurm
Message-ID: <169764660812.32197.16208284480143457533@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4120-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 12
  zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4120=1

## Package List:

* HPC Module 12 (aarch64 x86_64)
  * slurm-sql-17.02.11-6.56.1
  * slurm-plugins-debuginfo-17.02.11-6.56.1
  * slurm-sql-debuginfo-17.02.11-6.56.1
  * slurm-plugins-17.02.11-6.56.1
  * slurm-auth-none-17.02.11-6.56.1
  * slurm-debuginfo-17.02.11-6.56.1
  * libpmi0-debuginfo-17.02.11-6.56.1
  * slurm-doc-17.02.11-6.56.1
  * libslurm31-debuginfo-17.02.11-6.56.1
  * slurm-slurmdbd-17.02.11-6.56.1
  * slurm-munge-17.02.11-6.56.1
  * slurm-auth-none-debuginfo-17.02.11-6.56.1
  * slurm-slurmdbd-debuginfo-17.02.11-6.56.1
  * slurm-slurmdb-direct-17.02.11-6.56.1
  * slurm-sched-wiki-17.02.11-6.56.1
  * slurm-devel-17.02.11-6.56.1
  * perl-slurm-debuginfo-17.02.11-6.56.1
  * slurm-munge-debuginfo-17.02.11-6.56.1
  * slurm-torque-debuginfo-17.02.11-6.56.1
  * libpmi0-17.02.11-6.56.1
  * slurm-config-17.02.11-6.56.1
  * slurm-lua-debuginfo-17.02.11-6.56.1
  * libslurm31-17.02.11-6.56.1
  * slurm-debugsource-17.02.11-6.56.1
  * slurm-pam_slurm-debuginfo-17.02.11-6.56.1
  * slurm-pam_slurm-17.02.11-6.56.1
  * slurm-17.02.11-6.56.1
  * perl-slurm-17.02.11-6.56.1
  * slurm-torque-17.02.11-6.56.1
  * slurm-lua-17.02.11-6.56.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:10 -0000
Subject: SUSE-SU-2023:4119-1: important: Security update for slurm
Message-ID: <169764661005.32197.17802864862992676876@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4119-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 12
  zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4119=1

## Package List:

* HPC Module 12 (aarch64 x86_64)
  * perl-slurm_20_02-debuginfo-20.02.7-3.17.1
  * slurm_20_02-slurmdbd-debuginfo-20.02.7-3.17.1
  * slurm_20_02-config-man-20.02.7-3.17.1
  * slurm_20_02-lua-20.02.7-3.17.1
  * slurm_20_02-20.02.7-3.17.1
  * perl-slurm_20_02-20.02.7-3.17.1
  * slurm_20_02-munge-debuginfo-20.02.7-3.17.1
  * slurm_20_02-torque-debuginfo-20.02.7-3.17.1
  * slurm_20_02-debugsource-20.02.7-3.17.1
  * slurm_20_02-devel-20.02.7-3.17.1
  * slurm_20_02-doc-20.02.7-3.17.1
  * slurm_20_02-torque-20.02.7-3.17.1
  * libslurm35-20.02.7-3.17.1
  * slurm_20_02-auth-none-20.02.7-3.17.1
  * slurm_20_02-plugins-20.02.7-3.17.1
  * slurm_20_02-plugins-debuginfo-20.02.7-3.17.1
  * libpmi0_20_02-debuginfo-20.02.7-3.17.1
  * slurm_20_02-munge-20.02.7-3.17.1
  * slurm_20_02-config-20.02.7-3.17.1
  * slurm_20_02-sview-debuginfo-20.02.7-3.17.1
  * libnss_slurm2_20_02-20.02.7-3.17.1
  * libnss_slurm2_20_02-debuginfo-20.02.7-3.17.1
  * slurm_20_02-lua-debuginfo-20.02.7-3.17.1
  * slurm_20_02-slurmdbd-20.02.7-3.17.1
  * slurm_20_02-node-debuginfo-20.02.7-3.17.1
  * slurm_20_02-node-20.02.7-3.17.1
  * slurm_20_02-pam_slurm-20.02.7-3.17.1
  * libpmi0_20_02-20.02.7-3.17.1
  * slurm_20_02-auth-none-debuginfo-20.02.7-3.17.1
  * slurm_20_02-sql-20.02.7-3.17.1
  * slurm_20_02-pam_slurm-debuginfo-20.02.7-3.17.1
  * slurm_20_02-debuginfo-20.02.7-3.17.1
  * slurm_20_02-sview-20.02.7-3.17.1
  * slurm_20_02-sql-debuginfo-20.02.7-3.17.1
  * libslurm35-debuginfo-20.02.7-3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:12 -0000
Subject: SUSE-SU-2023:4118-1: important: Security update for slurm
Message-ID: <169764661205.32197.11375634974935063186@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4118-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4118=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * slurm_20_02-slurmdbd-20.02.7-150100.3.27.1
  * slurm_20_02-20.02.7-150100.3.27.1
  * slurm_20_02-webdoc-20.02.7-150100.3.27.1
  * libnss_slurm2_20_02-20.02.7-150100.3.27.1
  * slurm_20_02-node-20.02.7-150100.3.27.1
  * perl-slurm_20_02-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-auth-none-20.02.7-150100.3.27.1
  * slurm_20_02-devel-20.02.7-150100.3.27.1
  * slurm_20_02-sview-20.02.7-150100.3.27.1
  * libpmi0_20_02-20.02.7-150100.3.27.1
  * slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-torque-20.02.7-150100.3.27.1
  * slurm_20_02-sql-20.02.7-150100.3.27.1
  * slurm_20_02-config-man-20.02.7-150100.3.27.1
  * slurm_20_02-plugins-debuginfo-20.02.7-150100.3.27.1
  * libpmi0_20_02-debuginfo-20.02.7-150100.3.27.1
  * libslurm35-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-munge-20.02.7-150100.3.27.1
  * slurm_20_02-node-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-torque-debuginfo-20.02.7-150100.3.27.1
  * perl-slurm_20_02-20.02.7-150100.3.27.1
  * slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-sview-debuginfo-20.02.7-150100.3.27.1
  * libslurm35-20.02.7-150100.3.27.1
  * slurm_20_02-debugsource-20.02.7-150100.3.27.1
  * libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-plugins-20.02.7-150100.3.27.1
  * slurm_20_02-munge-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-sql-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-lua-20.02.7-150100.3.27.1
  * slurm_20_02-pam_slurm-20.02.7-150100.3.27.1
  * slurm_20_02-doc-20.02.7-150100.3.27.1
  * slurm_20_02-lua-debuginfo-20.02.7-150100.3.27.1
  * slurm_20_02-config-20.02.7-150100.3.27.1
  * slurm_20_02-debuginfo-20.02.7-150100.3.27.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:14 -0000
Subject: SUSE-SU-2023:4117-1: important: Security update for slurm
Message-ID: <169764661495.32197.17431397752736329738@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4117-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 12
  zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4117=1

## Package List:

* HPC Module 12 (aarch64 x86_64)
  * slurm_18_08-node-18.08.9-3.20.1
  * slurm_18_08-sql-debuginfo-18.08.9-3.20.1
  * slurm_18_08-torque-18.08.9-3.20.1
  * slurm_18_08-lua-debuginfo-18.08.9-3.20.1
  * slurm_18_08-torque-debuginfo-18.08.9-3.20.1
  * perl-slurm_18_08-debuginfo-18.08.9-3.20.1
  * slurm_18_08-config-18.08.9-3.20.1
  * slurm_18_08-node-debuginfo-18.08.9-3.20.1
  * slurm_18_08-sql-18.08.9-3.20.1
  * libslurm33-18.08.9-3.20.1
  * slurm_18_08-debugsource-18.08.9-3.20.1
  * slurm_18_08-pam_slurm-debuginfo-18.08.9-3.20.1
  * slurm_18_08-plugins-debuginfo-18.08.9-3.20.1
  * slurm_18_08-slurmdbd-debuginfo-18.08.9-3.20.1
  * slurm_18_08-slurmdbd-18.08.9-3.20.1
  * slurm_18_08-munge-18.08.9-3.20.1
  * slurm_18_08-auth-none-18.08.9-3.20.1
  * libslurm33-debuginfo-18.08.9-3.20.1
  * libpmi0_18_08-debuginfo-18.08.9-3.20.1
  * slurm_18_08-debuginfo-18.08.9-3.20.1
  * slurm_18_08-18.08.9-3.20.1
  * slurm_18_08-doc-18.08.9-3.20.1
  * slurm_18_08-auth-none-debuginfo-18.08.9-3.20.1
  * slurm_18_08-lua-18.08.9-3.20.1
  * perl-slurm_18_08-18.08.9-3.20.1
  * slurm_18_08-plugins-18.08.9-3.20.1
  * slurm_18_08-pam_slurm-18.08.9-3.20.1
  * libpmi0_18_08-18.08.9-3.20.1
  * slurm_18_08-devel-18.08.9-3.20.1
  * slurm_18_08-munge-debuginfo-18.08.9-3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:16 -0000
Subject: SUSE-SU-2023:4116-1: important: Security update for slurm
Message-ID: <169764661689.32197.15533916797715194539@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4116-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed several filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file (bsc#1216207).

Non-security fixes:

* Fixed dependency issues that could arise during an upgrade (bsc#1208810).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4116=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * slurm-config-20.02.7-150200.3.17.1
  * slurm-node-debuginfo-20.02.7-150200.3.17.1
  * slurm-plugins-20.02.7-150200.3.17.1
  * slurm-webdoc-20.02.7-150200.3.17.1
  * slurm-auth-none-20.02.7-150200.3.17.1
  * perl-slurm-debuginfo-20.02.7-150200.3.17.1
  * slurm-debuginfo-20.02.7-150200.3.17.1
  * slurm-lua-debuginfo-20.02.7-150200.3.17.1
  * slurm-auth-none-debuginfo-20.02.7-150200.3.17.1
  * slurm-devel-20.02.7-150200.3.17.1
  * slurm-munge-debuginfo-20.02.7-150200.3.17.1
  * slurm-pam_slurm-20.02.7-150200.3.17.1
  * perl-slurm-20.02.7-150200.3.17.1
  * slurm-20.02.7-150200.3.17.1
  * slurm-sql-debuginfo-20.02.7-150200.3.17.1
  * slurm-sview-20.02.7-150200.3.17.1
  * slurm-sql-20.02.7-150200.3.17.1
  * slurm-lua-20.02.7-150200.3.17.1
  * slurm-debugsource-20.02.7-150200.3.17.1
  * slurm-munge-20.02.7-150200.3.17.1
  * slurm-config-man-20.02.7-150200.3.17.1
  * slurm-torque-20.02.7-150200.3.17.1
  * libnss_slurm2-20.02.7-150200.3.17.1
  * slurm-sview-debuginfo-20.02.7-150200.3.17.1
  * slurm-torque-debuginfo-20.02.7-150200.3.17.1
  * slurm-node-20.02.7-150200.3.17.1
  * libslurm35-20.02.7-150200.3.17.1
  * libslurm35-debuginfo-20.02.7-150200.3.17.1
  * slurm-slurmdbd-20.02.7-150200.3.17.1
  * slurm-doc-20.02.7-150200.3.17.1
  * slurm-plugins-debuginfo-20.02.7-150200.3.17.1
  * libpmi0-debuginfo-20.02.7-150200.3.17.1
  * libnss_slurm2-debuginfo-20.02.7-150200.3.17.1
  * libpmi0-20.02.7-150200.3.17.1
  * slurm-pam_slurm-debuginfo-20.02.7-150200.3.17.1
  * slurm-slurmdbd-debuginfo-20.02.7-150200.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 16:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 16:30:23 -0000
Subject: SUSE-SU-2023:4115-1: important: Security update for slurm
Message-ID: <169764662373.32197.1456771459539540561@smelt2.prg2.suse.org>

# Security update for slurm

Announcement ID: SUSE-SU-2023:4115-1
Rating: important

References:
* bsc#1208810
* bsc#1216207

Cross-References:
* CVE-2023-41914

CVSS scores:
* CVE-2023-41914 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* HPC Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for slurm fixes the following issues:

* CVE-2023-41914: Fixed filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPC Module 12
  zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4115=1

## Package List:

* HPC Module 12 (aarch64 x86_64)
  * libpmi0_20_11-debuginfo-20.11.9-3.16.1
  * slurm_20_11-lua-20.11.9-3.16.1
  * slurm_20_11-config-man-20.11.9-3.16.1
  * slurm_20_11-node-20.11.9-3.16.1
  * slurm_20_11-debugsource-20.11.9-3.16.1
  * libslurm36-20.11.9-3.16.1
  * slurm_20_11-config-20.11.9-3.16.1
  * slurm_20_11-plugins-debuginfo-20.11.9-3.16.1
  * slurm_20_11-slurmdbd-debuginfo-20.11.9-3.16.1
  * perl-slurm_20_11-debuginfo-20.11.9-3.16.1
  * slurm_20_11-debuginfo-20.11.9-3.16.1
  * slurm_20_11-sql-20.11.9-3.16.1
  * perl-slurm_20_11-20.11.9-3.16.1
  * slurm_20_11-devel-20.11.9-3.16.1
  * slurm_20_11-slurmdbd-20.11.9-3.16.1
  * slurm_20_11-munge-20.11.9-3.16.1
  * slurm_20_11-plugins-20.11.9-3.16.1
  * slurm_20_11-sview-debuginfo-20.11.9-3.16.1
  * slurm_20_11-webdoc-20.11.9-3.16.1
  * slurm_20_11-auth-none-20.11.9-3.16.1
  * slurm_20_11-lua-debuginfo-20.11.9-3.16.1
  * libnss_slurm2_20_11-20.11.9-3.16.1
  * libpmi0_20_11-20.11.9-3.16.1
  * libnss_slurm2_20_11-debuginfo-20.11.9-3.16.1
  * slurm_20_11-20.11.9-3.16.1
  * slurm_20_11-torque-20.11.9-3.16.1
  * slurm_20_11-sview-20.11.9-3.16.1
  * libslurm36-debuginfo-20.11.9-3.16.1
  * slurm_20_11-auth-none-debuginfo-20.11.9-3.16.1
  * slurm_20_11-doc-20.11.9-3.16.1
  * slurm_20_11-torque-debuginfo-20.11.9-3.16.1
  * slurm_20_11-munge-debuginfo-20.11.9-3.16.1
  * slurm_20_11-node-debuginfo-20.11.9-3.16.1
  * slurm_20_11-pam_slurm-20.11.9-3.16.1
  * slurm_20_11-pam_slurm-debuginfo-20.11.9-3.16.1
  * slurm_20_11-sql-debuginfo-20.11.9-3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2023-41914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208810
* https://bugzilla.suse.com/show_bug.cgi?id=1216207

From sle-updates at lists.suse.com Wed Oct 18 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 18 Oct 2023 20:30:02 -0000
Subject: SUSE-SU-2023:3707-2: important: Security update for cups
Message-ID: <169766100253.18533.11459596575297709051@smelt2.prg2.suse.org>

# Security update for cups

Announcement ID: SUSE-SU-2023:3707-2
Rating: important

References:
* bsc#1214254
* bsc#1215204

Cross-References:
* CVE-2023-32360
* CVE-2023-4504

CVSS scores:
* CVE-2023-32360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-32360 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4504 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cups fixes the following issues:

* CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
* CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3707=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * cups-debugsource-2.2.7-150000.3.51.2 * libcups2-2.2.7-150000.3.51.2 * cups-config-2.2.7-150000.3.51.2 * cups-debuginfo-2.2.7-150000.3.51.2 * libcups2-debuginfo-2.2.7-150000.3.51.2 ## References: * https://www.suse.com/security/cve/CVE-2023-32360.html * https://www.suse.com/security/cve/CVE-2023-4504.html * https://bugzilla.suse.com/show_bug.cgi?id=1214254 * https://bugzilla.suse.com/show_bug.cgi?id=1215204 From sle-updates at lists.suse.com Wed Oct 18 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:04 -0000 Subject: SUSE-RU-2023:3843-2: important: Recommended update for suse-build-key Message-ID: <169766100425.18533.1619839911523127694@smelt2.prg2.suse.org> # Recommended update for suse-build-key Announcement ID: SUSE-RU-2023:3843-2 Rating: important References: * jsc#PED-2777 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that contains one feature can now be installed. ## Description: This update for suse-build-key fixes the following issues: This update adds and runs an import-suse-build-key script. It is run after installation with libzypp-based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096-bit RSA primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3843=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * suse-build-key-12.0-150000.8.34.1 ## References: * https://jira.suse.com/browse/PED-2777 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3954-2: important: Security update for libeconf Message-ID: <169766100580.18533.15494056645850170189@smelt2.prg2.suse.org> # Security update for libeconf Announcement ID: SUSE-SU-2023:3954-2 Rating: important References: * bsc#1211078 Cross-References: * CVE-2023-22652 * CVE-2023-30078 * CVE-2023-30079 * CVE-2023-32181 CVSS scores: * CVE-2023-22652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22652 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-30078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30078 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-30079 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32181 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves four vulnerabilities can now be installed. ## Description: This update for libeconf fixes the following issues: Update to version 0.5.2. * CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). * CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. 
(bsc#1211078) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3954=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libeconf0-0.5.2-150400.3.6.1 * libeconf-debugsource-0.5.2-150400.3.6.1 * libeconf0-debuginfo-0.5.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22652.html * https://www.suse.com/security/cve/CVE-2023-30078.html * https://www.suse.com/security/cve/CVE-2023-30079.html * https://www.suse.com/security/cve/CVE-2023-32181.html * https://bugzilla.suse.com/show_bug.cgi?id=1211078 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:09 -0000 Subject: SUSE-SU-2023:3822-2: moderate: Security update for supportutils Message-ID: <169766100919.18533.17464684310994957358@smelt2.prg2.suse.org> # Security update for supportutils Announcement ID: SUSE-SU-2023:3822-2 Rating: moderate References: * bsc#1181477 * bsc#1196933 * bsc#1204942 * bsc#1205533 * bsc#1206402 * bsc#1206608 * bsc#1207543 * bsc#1207598 * bsc#1208928 * bsc#1209979 * bsc#1210015 * bsc#1210950 * bsc#1211598 * bsc#1211599 * bsc#1213127 * jsc#PED-1703 Cross-References: * CVE-2022-45154 CVSS scores: * CVE-2022-45154 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-45154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability, contains one feature and has 14 security fixes can now be installed. 
## Description: This update for supportutils fixes the following issues: Security fixes: * CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: * Changes in version 3.1.26 * powerpc plugin to collect the slots and active memory (bsc#1210950) * A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 * supportconfig: collect BPF information (pr#154) * Added additional iscsi information (pr#155) * Added run time detection (bsc#1213127) * Changes for supportutils version 3.1.25 * Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) * powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) * powerpc: collect invscout logs (pr#150) * powerpc: collect RMC status logs (pr#151) * Added missing nvme nbft commands (bsc#1211599) * Fixed invalid nvme commands (bsc#1211598) * Added missing podman information (PED-1703, bsc#1181477) * Removed dependency on sysfstools * Check for systool use (bsc#1210015) * Added selinux checking (bsc#1209979) * Updated SLES_VER matrix * Fixed missing status detail for apparmor (bsc#1196933) * Corrected invalid argument list in docker.txt (bsc#1206608) * Applies limit equally to sar data and text files (bsc#1207543) * Collects hwinfo hardware logs (bsc#1208928) * Collects lparnumascore logs (issue#148) * Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs * Changes to supportconfig.rc version 3.1.11-35 * Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) * Changes to supportconfig version 3.1.11-46.4 * Added plymouth_info * Changes to getappcore version 1.53.02 * The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3822=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * supportutils-3.1.26-150300.7.35.21.1 ## References: * https://www.suse.com/security/cve/CVE-2022-45154.html * https://bugzilla.suse.com/show_bug.cgi?id=1181477 * https://bugzilla.suse.com/show_bug.cgi?id=1196933 * https://bugzilla.suse.com/show_bug.cgi?id=1204942 * https://bugzilla.suse.com/show_bug.cgi?id=1205533 * https://bugzilla.suse.com/show_bug.cgi?id=1206402 * https://bugzilla.suse.com/show_bug.cgi?id=1206608 * https://bugzilla.suse.com/show_bug.cgi?id=1207543 * https://bugzilla.suse.com/show_bug.cgi?id=1207598 * https://bugzilla.suse.com/show_bug.cgi?id=1208928 * https://bugzilla.suse.com/show_bug.cgi?id=1209979 * https://bugzilla.suse.com/show_bug.cgi?id=1210015 * https://bugzilla.suse.com/show_bug.cgi?id=1210950 * https://bugzilla.suse.com/show_bug.cgi?id=1211598 * https://bugzilla.suse.com/show_bug.cgi?id=1211599 * https://bugzilla.suse.com/show_bug.cgi?id=1213127 * https://jira.suse.com/browse/PED-1703 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:11 -0000 Subject: SUSE-RU-2023:3780-2: moderate: Recommended update hidapi Message-ID: <169766101107.18533.5535069157375749227@smelt2.prg2.suse.org> # Recommended update hidapi Announcement ID: SUSE-RU-2023:3780-2 Rating: moderate References: * bsc#1214535 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3780=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * hidapi-debugsource-0.10.1-150300.3.2.1 * libhidapi-hidraw0-0.10.1-150300.3.2.1 * libhidapi-hidraw0-debuginfo-0.10.1-150300.3.2.1 * hidapi-debuginfo-0.10.1-150300.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214535 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:13 -0000 Subject: SUSE-SU-2023:3952-2: important: Security update for runc Message-ID: <169766101345.18533.1261149546294854297@smelt2.prg2.suse.org> # Security update for runc Announcement ID: SUSE-SU-2023:3952-2 Rating: important References: * bsc#1212475 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one security fix can now be installed. ## Description: This update of runc fixes the following issues: * Update to runc v1.1.8. Upstream changelog is available from . * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3952=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * runc-debuginfo-1.1.8-150000.49.1 * runc-1.1.8-150000.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:15 -0000 Subject: SUSE-SU-2023:3817-2: important: Security update for containerd Message-ID: <169766101524.18533.10992452452170586381@smelt2.prg2.suse.org> # Security update for containerd Announcement ID: SUSE-SU-2023:3817-2 Rating: important References: * bsc#1212475 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one security fix can now be installed. ## Description: This update of containerd fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3817=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * containerd-1.6.21-150000.95.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 18 20:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:17 -0000 Subject: SUSE-RU-2023:3850-2: moderate: Recommended update for evolution Message-ID: <169766101702.18533.1422574685112656129@smelt2.prg2.suse.org> # Recommended update for evolution Announcement ID: SUSE-RU-2023:3850-2 Rating: moderate References: * bsc#1213858 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. 
## Description: This update for evolution and its dependencies fixes the following issues: evolution: * Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858) bogofilter, evolution-data-server, gcr, geocode-glib, gjs, glade, gnome-autoar, gnome-desktop, gnome-online-accounts, gsl, gspell, gtkspell3, libcanberra, libgdata, libgweather, libical, liboauth, libphonenumber, librest, libxkbcommon, mozjs78: * Deliver missing direct and indirect dependencies of evolution to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le and s390x * There are NO code changes ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3850=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libxkbcommon-debugsource-1.3.0-150400.3.2.2 * libxkbcommon0-1.3.0-150400.3.2.2 * libxkbcommon0-debuginfo-1.3.0-150400.3.2.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213858 From sle-updates at lists.suse.com Wed Oct 18 20:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Oct 2023 20:30:18 -0000 Subject: SUSE-RU-2023:3637-2: important: Recommended update for cloud-netconfig Message-ID: <169766101842.18533.6493037055687304228@smelt2.prg2.suse.org> # Recommended update for cloud-netconfig Announcement ID: SUSE-RU-2023:3637-2 Rating: important References: * bsc#1214715 Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed. ## Description: This update for cloud-netconfig fixes the following issues: * Update to version 1.8: * Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. 
(bsc#1214715) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3637=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * cloud-netconfig-gce-1.8-150000.25.11.1 * cloud-netconfig-ec2-1.8-150000.25.11.1 * cloud-netconfig-azure-1.8-150000.25.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214715 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 07:03:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:03:11 +0200 (CEST) Subject: SUSE-CU-2023:3455-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231019070311.A85F8F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3455-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.131 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.131 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated From sle-updates at lists.suse.com Thu Oct 19 07:03:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:03:20 +0200 (CEST) Subject: SUSE-CU-2023:3456-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231019070320.1CDD3F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3456-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.77 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.77 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated From sle-updates at lists.suse.com Thu Oct 19 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:3457-1: Security update of bci/dotnet-aspnet Message-ID: <20231019070356.38440F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3457-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-16.3 , bci/dotnet-aspnet:6.0.23 , bci/dotnet-aspnet:6.0.23-16.3 Container Release : 16.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 07:04:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:04:05 +0200 (CEST) Subject: SUSE-CU-2023:3458-1: Security update of bci/dotnet-aspnet Message-ID: <20231019070405.9F717F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3458-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-16.3 , bci/dotnet-aspnet:7.0.12 , bci/dotnet-aspnet:7.0.12-16.3 , bci/dotnet-aspnet:latest Container Release : 16.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 07:04:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:04:17 +0200 (CEST) Subject: SUSE-CU-2023:3459-1: Security update of bci/dotnet-sdk Message-ID: <20231019070417.7E42EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3459-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-15.3 , bci/dotnet-sdk:6.0.23 , bci/dotnet-sdk:6.0.23-15.3 Container Release : 15.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:3460-1: Security update of bci/dotnet-sdk Message-ID: <20231019070429.8FD7BF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3460-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-17.3 , bci/dotnet-sdk:7.0.12 , bci/dotnet-sdk:7.0.12-17.3 , bci/dotnet-sdk:latest Container Release : 17.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 07:04:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:04:39 +0200 (CEST) Subject: SUSE-CU-2023:3461-1: Security update of bci/dotnet-runtime Message-ID: <20231019070439.52E55F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3461-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-15.3 , bci/dotnet-runtime:6.0.23 , bci/dotnet-runtime:6.0.23-15.3 Container Release : 15.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 07:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 09:04:49 +0200 (CEST) Subject: SUSE-CU-2023:3462-1: Security update of bci/dotnet-runtime Message-ID: <20231019070449.75EA3F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3462-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-17.3 , bci/dotnet-runtime:7.0.12 , bci/dotnet-runtime:7.0.12-17.3 , bci/dotnet-runtime:latest Container Release : 17.3 Severity : important Type : security References : 1215215 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/dotnet-runtime was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.44 updated From sle-updates at lists.suse.com Thu Oct 19 08:54:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 08:54:43 -0000 Subject: SUSE-SU-2023:4130-1: important: Security update for grub2 Message-ID: <169770568367.29066.6166750412716394100@smelt2.prg2.suse.org> # Security update for grub2 Announcement ID: SUSE-SU-2023:4130-1 Rating: important References: * bsc#1215935 * bsc#1215936 Cross-References: * CVE-2023-4692 * CVE-2023-4693 CVSS scores: * CVE-2023-4692 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux 
Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for grub2 fixes the following issues: * CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) * CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information. (bsc#1215936) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-4130=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4130=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4130=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4130=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4130=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4130=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4130=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4130=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4130=1 * SUSE Linux Enterprise Micro 
5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4130=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4130=1 ## Package List: * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * grub2-arm64-efi-2.04-150300.22.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.43.1 * SUSE Linux Enterprise Server 15 SP3 
LTSS 15-SP3 (s390x) * grub2-s390x-emu-2.04-150300.22.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * grub2-debugsource-2.04-150300.22.43.1 * SUSE Manager Proxy 4.2 (x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Manager Proxy 4.2 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Manager Server 4.2 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * 
grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Manager Server 4.2 (s390x x86_64) * grub2-debugsource-2.04-150300.22.43.1 * SUSE Manager Server 4.2 (s390x) * grub2-s390x-emu-2.04-150300.22.43.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Enterprise Storage 7.1 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-powerpc-ieee1275-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-systemd-sleep-plugin-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * grub2-debugsource-2.04-150300.22.43.1 * grub2-2.04-150300.22.43.1 * grub2-debuginfo-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * grub2-x86_64-xen-2.04-150300.22.43.1 * grub2-i386-pc-2.04-150300.22.43.1 * grub2-x86_64-efi-2.04-150300.22.43.1 * grub2-arm64-efi-2.04-150300.22.43.1 * grub2-snapper-plugin-2.04-150300.22.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * grub2-s390x-emu-2.04-150300.22.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4692.html * https://www.suse.com/security/cve/CVE-2023-4693.html * https://bugzilla.suse.com/show_bug.cgi?id=1215935 * https://bugzilla.suse.com/show_bug.cgi?id=1215936 -------------- next part -------------- An HTML attachment 
was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 08:54:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 08:54:46 -0000 Subject: SUSE-SU-2023:4129-1: important: Security update for tomcat Message-ID: <169770568645.29066.17792068788222435180@smelt2.prg2.suse.org> # Security update for tomcat Announcement ID: SUSE-SU-2023:4129-1 Rating: important References: * bsc#1214666 * bsc#1216182 * jsc#PED-6376 * jsc#PED-6377 Cross-References: * CVE-2023-41080 * CVE-2023-44487 CVSS scores: * CVE-2023-41080 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-41080 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 
15-SP5 An update that solves two vulnerabilities and contains two features can now be installed. ## Description: This update for tomcat fixes the following issues: Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377): * Security issues fixed: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) * CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182) * Update to Tomcat 9.0.82: * Catalina * Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. * Fix: Fix handling of an error reading a context descriptor on deployment. * Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also used, while it should instead take precedence. * Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. * Add: Improve handling of failures within recycle() methods. * Coyote * Fix: 67670: Fix regression with HTTP compression after code refactoring. * Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. * Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. * Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. * Fix: Fix logic issue trying to match no argument method in IntropectionUtil. * Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. * Fix: Avoid rare thread safety issue accessing message digest map. * Fix: Improve statistics collection for upgraded connections under load. * Fix: Align validation of HTTP trailer fields with standard fields.
* Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool * Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper * Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects * Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377): * Catalina: * Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks * Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. * Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. * Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. * Ensure that the default servlet correctly escapes file names in directory listings when using XML output. * Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. * Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. * Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. * Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. * Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. 
* Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. * Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. * Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. * Make parsing of ExtendedAccessLogValve patterns more robust. * Fix failure trying to persist configuration for an internal credential handler. * When serializing a session during the session persistence process, do not log a warning that null Principals are not serializable. * Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. * Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. * The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. * If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. * Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * Coyote: * Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. * Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. * Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. * Correct certificate logging on start-up so it differentiates between keystore based keys/certificates: PEM file based keys/certificates and logs the relevant information for each.
* Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resulting in a timeout rather than the expected read or write. * Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. * Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. * Refactor HTTP/2 implementation to reduce pinning when using virtual threads. * Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. * Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. * When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. * Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket: * Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. * Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. * Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. * Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications: * Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration section for the Digest authentication value.
* Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. * Documentation: Fix a typo in the name of the algorithms * Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool: * Fix the releaseIdleCounter does not increment when testAllIdle releases them. * Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other: * Update to Commons Daemon 1.3.4. * Improvements to French translations. * Update Checkstyle to 10.12.0. * Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with OpenSSL 1.1.1u. * Include the Windows specific binary distributions in the files uploaded to Maven Central. * Improvements to French translations. * Improvements to Japanese translations. * Update UnboundID to 6.0.9. * Update Checkstyle to 10.12.1. * Update BND to 6.4.1.66665: * Update JSign to 5.0. * Correct properties for JSign dependency. * Align documentation for maxParameterCount to match hard-coded defaults. * Update NSIS to 3.0.9. * Update Checkstyle to 10.12.2. * Improvements to French translations. * Improvements to Japanese translations. * Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. * Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. * Improvements to Chinese translations. * Improvements to French translations. * Improvements to Japanese translations ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4129=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4129=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4129=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4129=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4129=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4129=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4129=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4129=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4129=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4129=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4129=1 ## Package List: * Web and Scripting Module 15-SP5 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP3 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Manager Server 4.2 (noarch) * 
tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * SUSE Enterprise Storage 7.1 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 * Web and Scripting Module 15-SP4 (noarch) * tomcat-jsp-2_3-api-9.0.82-150200.46.1 * tomcat-9.0.82-150200.46.1 * tomcat-servlet-4_0-api-9.0.82-150200.46.1 * tomcat-webapps-9.0.82-150200.46.1 * tomcat-admin-webapps-9.0.82-150200.46.1 * tomcat-el-3_0-api-9.0.82-150200.46.1 * tomcat-lib-9.0.82-150200.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41080.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1214666 * https://bugzilla.suse.com/show_bug.cgi?id=1216182 * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Oct 19 08:54:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 08:54:49 -0000 Subject: SUSE-RU-2023:4128-1: moderate: Recommended update for sca-patterns-base, sca-patterns-sle11, sca-patterns-sle12, sca-patterns-sle15, sca-server-report Message-ID: <169770568987.29066.11846136079224407102@smelt2.prg2.suse.org> # Recommended update for sca-patterns-base, sca-patterns-sle11, sca-patterns-sle12, sca-patterns-sle15, sca-server-report Announcement ID: SUSE-RU-2023:4128-1 Rating: moderate References: * bsc#1186148 * bsc#1188137 * bsc#1188138 * bsc#1192315 * bsc#1201011 * bsc#1201522 * bsc#1201523 * bsc#1204721 * bsc#1204723 * bsc#1204724 * bsc#1204772 * bsc#1204776 * bsc#1205826 * bsc#1210908 * bsc#1214837 Affected Products: * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has 15 fixes can now be installed.
## Description: This update for sca-patterns-base, sca-patterns-sle11, sca-patterns-sle12, sca-patterns-sle15, sca-server-report fixes the following issues: sca-patterns-base was updated to version 1.5.2: * Fixed scatool email failure with python3 (bsc#1192315) * Allow batch mode that does not have progress bar issue#13 (pr#14) * Added quiet and debug modes issue#11 sca-patterns-sle11 was updated to version 1.5.2 * Fixed SUSE.getRpmInfo to find the correct rpm.txt section (bsc#1210908) * Changes to python/SUSE.py version 1.0.1 * Changed name from getScInfo to getSCInfo * Fixed getSCInfo error on basic-environment.txt (bsc#1205826) * Updated SLES version constants Changes to version 1.5.1 * Fixed UnicodeDecodeError when reading files (bsc#1204723) Changes in version 1.5.5 * New patterns (2) (bsc#1214837): * sle15sp4/kabi-000021148.py: Pattern for TID000021148 * sle15sp5/vmwgfx-000021151.py: Pattern for TID000021151 * New security announcement patterns as of Aug 2023 (140). * New security announcement patterns as of May 2023 (881).
Changes in version 1.5.3 * New regular patterns (3) * sle15sp2/freeused-000020894.py: Pattern for TID000020894 * sle15sp3/freeused-000020894.py: Pattern for TID000020894 * sle15sp4/freeused-000020894.py: Pattern for TID000020894 Changes in version 1.5.3 * Updated category in btrfsmaster-000018779.py (bsc#1188138) * sle15all/bhc-kernelload-00001.py fixed division by zero (bsc#1204721) * sle15all/lvmsnapshot-000019858.py KeyError (bsc#1204724) * New regular patterns (7) * sle15all/vimerr-000020735.py: Pattern for TID000020735 * sle15all/nmiconfig-000020754.py: Pattern for TID000020754 * sle15sp2/kmpdracut-000020799.py: Pattern for TID000020799 * sle15sp3/kmpdracut-000020799.py: Pattern for TID000020799 * sle15sp3/sssdad-000020793.py: Pattern for TID000020793 * sle15sp4/drbdresdir-000020749.py: Pattern for TID000020749 * sle15sp4/sssdad-000020793.py: Pattern for TID000020793 * New security announcement patterns (1426) Additional patterns in version 1.5.2 * sle15all/azurenetaccel-000020694.py: Azure Accelerated Networking fails (bsc#1201522) * sle15all/traceprintk-000020680.py: trace_printk() Messages in System Logs (bsc#1201523) Changes in version 1.5.2 * Check setup-sca php version mismatch (bsc#1201011) * SCA schema pattern check (tid#000020689) * kernel crashes at nfs4_get_valid_delegation (tid#000020688) Changes in version 1.5.1 * IRQ vector affinity issue * TID000020653 NFS mount attempt with vers=n returns invalid argument or incorrect mount option Changes in version 1.5.5 * New security announcement patterns as of Aug 2023 (159) (bsc#1214837): * New security announcement patterns as of May 2023 (543).
Changes in version 1.5.3 * Updated category in btrfsmaster-000018779.py (bsc#1188138) * Fixed invalid link in lvm-00003.pl (bsc#1186148) * Removed invalid pattern dst-00001.pl (bsc#1188137) * Removed or fixed patterns with no valid solution links (bsc#1204772) * New regular patterns (1) * sle12all/nmiconfig-000020754.py: Pattern for TID000020754 * New security announcement patterns (831) Additional patterns in version 1.5.2 * sle12all/azurenetaccel-000020694.py: Azure Accelerated Networking fails (bsc#1201522) * sle12all/traceprintk-000020680.py: trace_printk() Messages in System Logs (bsc#1201523) Changes in version 1.5.2 * SCA schema pattern check Changes in version 1.5.3 * New security announcement patterns as of Aug 2023 (12) (bsc#1214837) Changes in version 1.5.2 * New security announcement patterns (14) Changes in version 1.5.2 * Fixed sca-patterns-sle11 invalid solution links (bsc#1204776) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4128=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4128=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4128=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4128=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4128=1 ## Package List: * Server Applications Module 15-SP4 (noarch) * sca-patterns-sle11-1.5.3-150400.3.3.1 * sca-patterns-sle12-1.5.5-150400.3.3.1 * sca-patterns-base-1.5.2-150400.3.3.1 * sca-patterns-sle15-1.5.5-150400.3.3.1 * sca-server-report-1.5.2-150400.3.3.1 * Server Applications Module 15-SP5 (noarch) * sca-patterns-sle11-1.5.3-150400.3.3.1 * sca-patterns-sle12-1.5.5-150400.3.3.1 * sca-patterns-base-1.5.2-150400.3.3.1 * sca-patterns-sle15-1.5.5-150400.3.3.1 * sca-server-report-1.5.2-150400.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * sca-patterns-sle12-1.5.5-150300.3.6.1 * sca-patterns-base-1.5.2-150300.10.6.1 * sca-patterns-sle11-1.5.3-150300.18.6.1 * sca-patterns-sle15-1.5.5-150300.14.6.1 * sca-server-report-1.5.2-150300.11.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * sca-patterns-sle12-1.5.5-150300.3.6.1 * sca-patterns-base-1.5.2-150300.10.6.1 * sca-patterns-sle11-1.5.3-150300.18.6.1 * sca-patterns-sle15-1.5.5-150300.14.6.1 * sca-server-report-1.5.2-150300.11.6.1 * SUSE Manager Server 4.2 (noarch) * sca-patterns-sle12-1.5.5-150300.3.6.1 * sca-patterns-base-1.5.2-150300.10.6.1 * sca-patterns-sle11-1.5.3-150300.18.6.1 * sca-patterns-sle15-1.5.5-150300.14.6.1 * sca-server-report-1.5.2-150300.11.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186148 * https://bugzilla.suse.com/show_bug.cgi?id=1188137 *
https://bugzilla.suse.com/show_bug.cgi?id=1188138 * https://bugzilla.suse.com/show_bug.cgi?id=1192315 * https://bugzilla.suse.com/show_bug.cgi?id=1201011 * https://bugzilla.suse.com/show_bug.cgi?id=1201522 * https://bugzilla.suse.com/show_bug.cgi?id=1201523 * https://bugzilla.suse.com/show_bug.cgi?id=1204721 * https://bugzilla.suse.com/show_bug.cgi?id=1204723 * https://bugzilla.suse.com/show_bug.cgi?id=1204724 * https://bugzilla.suse.com/show_bug.cgi?id=1204772 * https://bugzilla.suse.com/show_bug.cgi?id=1204776 * https://bugzilla.suse.com/show_bug.cgi?id=1205826 * https://bugzilla.suse.com/show_bug.cgi?id=1210908 * https://bugzilla.suse.com/show_bug.cgi?id=1214837 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 08:54:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 08:54:51 -0000 Subject: SUSE-SU-2023:4127-1: important: Security update for cni-plugins Message-ID: <169770569179.29066.280097351837037590@smelt2.prg2.suse.org> # Security update for cni-plugins Announcement ID: SUSE-SU-2023:4127-1 Rating: important References: * bsc#1212475 * bsc#1216006 Affected Products: * Containers Module 15-SP4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE 
Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. ## Description: This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4127=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4127=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4127=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4127=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4127=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4127=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4127=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4127=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4127=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4127=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4127=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4127=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4127=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4127=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4127=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4127=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4127=1 * SUSE Enterprise Storage 7.1 zypper in -t patch 
SUSE-Storage-7.1-2023-4127=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4127=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4127=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4127=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * 
cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-plugins-0.8.6-150100.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216006

From sle-updates at lists.suse.com Thu Oct 19 08:54:53 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2023 08:54:53 -0000
Subject: SUSE-SU-2023:4126-1: important: Security update for cni
Message-ID: <169770569390.29066.15471812920587765326@smelt2.prg2.suse.org>

# Security update for cni

Announcement ID: SUSE-SU-2023:4126-1 Rating: important References: * bsc#1212475 * bsc#1216006 Affected Products: * Containers Module 15-SP4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance
Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.3 An update that has two security fixes can now be installed. ## Description: This update of cni fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4126=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4126=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4126=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4126=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4126=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4126=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4126=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4126=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4126=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4126=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4126=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4126=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4126=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4126=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4126=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4126=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4126=1 * SUSE Enterprise Storage 7.1 zypper in -t patch 
SUSE-Storage-7.1-2023-4126=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4126=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4126=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4126=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * 
cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cni-0.7.1-150100.3.16.1 * SUSE CaaS Platform 4.0 (x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cni-0.7.1-150100.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1216006

From sle-updates at lists.suse.com Thu Oct 19 08:54:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2023 08:54:55 -0000
Subject: SUSE-SU-2023:4125-1: important: Security update for container-suseconnect
Message-ID: <169770569580.29066.5322124505538238920@smelt2.prg2.suse.org>

# Security update for container-suseconnect

Announcement ID: SUSE-SU-2023:4125-1 Rating: important References: * bsc#1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 *
SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4125=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4125=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4125=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4125=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4125=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4125=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4125=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4125=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4125=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4125=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4125=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4125=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4125=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * container-suseconnect-debuginfo-2.4.0-150000.4.40.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * 
container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.40.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.40.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475

From sle-updates at lists.suse.com Thu Oct 19 08:54:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2023 08:54:58 -0000
Subject: SUSE-SU-2023:4124-1: important: Security update for helm
Message-ID: <169770569805.29066.2957743558056341513@smelt2.prg2.suse.org>

# Security update for helm

Announcement ID: SUSE-SU-2023:4124-1 Rating: important References: * bsc#1183043 * bsc#1215588 * bsc#1215711 Cross-References: * CVE-2022-41723 * CVE-2023-25173 CVSS scores: * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25173 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-25173 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3
LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for helm fixes the following issues: helm was updated to version 3.13.1: * Fixing precedence issue with the import of values. * Add missing with clause to release gh action * FIX Default ServiceAccount yaml * fix(registry): unswallow error * remove useless print during prepareUpgrade * fix(registry): address anonymous pull issue * Fix missing run statement on release action * Write latest version to get.helm.sh bucket * Increased release information key name max length. 
helm was updated to version 3.13.0 (bsc#1215588): * Fix leaking goroutines in Install * Update Helm to use k8s 1.28.2 libraries * make the dependabot k8s.io group explicit * use dependabot's group support for k8s.io dependencies * doc:Executing helm rollback release 0 will roll back to the previous release * Use labels instead of selectorLabels for pod labels * fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook * chore: HTTPGetter add default timeout * Avoid nil dereference if passing a nil resolver * Add required changes after merge * Fix #3352, add support for --ignore-not-found just like kubectl delete * Fix helm may identify achieve of the application/x-gzip as application/vnd.ms-fontobject * Restore `helm get metadata` command * Revert "Add `helm get metadata` command" * test: replace `ensure.TempDir` with `t.TempDir` * use json api url + report curl/wget error on fail * Added error in case try to supply custom label with name of system label during install/upgrade * fix(main): fix basic auth for helm pull or push * cmd: support generating index in JSON format * repo: detect JSON and unmarshal efficiently * Tweaking new dry-run internal handling * bump kubernetes modules to v0.27.3 * Remove warning for template directory not found. 
* Added tests for created OCI annotation time format * Add created OCI annotation * Fix multiple bugs in values handling * chore: fix a typo in `manager.go` * add GetRegistryClient method * oci: add tests for plain HTTP and insecure HTTPS registries * oci: Add flag `--plain-http` to enable working with HTTP registries * docs: add an example for using the upgrade command with existing values * Replace `fmt.Fprintf` with `fmt.Fprint` in get_metadata.go * Replace `fmt.Fprintln` with `fmt.Fprintf` in get_metadata.go * update kubernetes dependencies from v0.27.0 to v0.27.1 * Add ClientOptResolver to test util file * Check that missing keys are still handled in tpl * tests: change crd golden file to match after #11870 * Adding details on the Factory interface * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 * bugfix:(#11391) helm lint infinite loop when malformed template object * pkg/engine: fix nil-dereference * pkg/chartutil: fix nil-dereference * pkg/action: fix nil-dereference * full source path when output-dir is not provided * added Contributing.md section and ref link in the README * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. 
Closes #8137 * feat(helm): add ability for --dry-run to do lookup functions * Add `CHART`, `VERSION` and `APP_VERSION` fields to `get all` command output * Adjust `get` command description to account metadata * add volumes and volumeMounts in chartutil * Seed a default switch to control `automountServiceAccountToken` * Avoid confusing error when passing in '--version X.Y.Z' * Add `helm get metadata` command * Use wrapped error so that ErrNoObjectsVisited can be compared after return. * Add exact version test. * strict file permissions of repository.yaml * Check redefinition of define and include in tpl * Check that `.Template` is passed through `tpl` * Make sure empty `tpl` values render empty. * Pick the test improvement out of PR#8371 * # 11369 Use the correct index repo cache directory in the `parallelRepoUpdate` method as well * # 11369 Add a test case to prove the bug and its resolution * ref(helm): export DescriptorPullSummary fields * feat(helm): add 'ClientOptResolver' ClientOption * Fix flaky TestSQLCreate test by making sqlmock ignore order of sql requests * Fixing tests after adding labels to release fixture * Make default release fixture contain custom labels to make tests check that labels are not lost * Added support for storing custom labels in SQL storage driver * Adding support merging new custom labels with original release labels during upgrade * Added note to install/upgrade commands that original release labels wouldn't be persisted in upgraded release * Added unit tests for implemented install/upgrade labels logic * Remove redundant types from util_test.go * Added tests for newly introduced util.go functions * Fix broken tests for SQL storage driver * Fix broken tests for configmap and secret storage drivers * Make superseded releases keep labels * Support configmap storage driver for install/upgrade actions --labels argument * Added upgrade --install labels argument support * Add labels support for install action with secret storage backend
* test: added tests to load plugin from home dir with space * fix: plugin does not load when helm base dir contains space * Add priority class to kind sorter * Fixes #10566 * test(search): add mixedCase test case * fix(search): print repo search result in original case * Adjust error message wrongly claiming that there is a resource conflict * Throw an error from jobReady() if the job exceeds its BackoffLimit * github: add Asset Transparency action for GitHub releases Update to version 3.12.3: * bump kubernetes modules to v0.27.3 * Add priority class to kind sorter Update to version 3.12.2: * add GetRegistryClient method Update to version 3.12.1: * bugfix:(#11391) helm lint infinite loop when malformed template object * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * test(search): add mixedCase test case * fix(search): print repo search result in original case * strict file permissions of repository.yaml * update kubernetes dependencies from v0.27.0 to v0.27.1 Update to version 3.12.0: * Attach annotations to OCI artifacts * Fix goroutine leak in action install * fix quiet lint does not fail on non-linting errors * create failing test for quietly linting a chart that doesn't exist * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) * fix: failed testcase on windows * Fix 32bit-x86 typo in testsuite * Handle failed DNS case for Go 1.20+ * Updating the Go version in go.mod * Fix goroutine leak in perform * Properly invalidate client after CRD install * Provide a helper to set the registryClient in cmd * Reimplemented change in httpgetter for insecure TLS option * Added insecure option to login subcommand * Added support for insecure OCI registries * Enable custom certificates option for OCI * Add testing to default and release branches * Remove job dependency. 
Should have done when I moved job to new file * Remove check to run only in helm org * Add why comments * Convert remaining CircleCI config to GitHub Actions * Changed how the setup-go action sets go version * chore:Use http constants as http.request parameters * update k8s registry domain * don't mark issues as stale where a PR is in progress * Update to func handling * Add option to support cascade deletion options * the linter varcheck and deadcode are deprecated (since v1.49.0) * Check status code before retrying request * Fix improper use of Table request/response to k8s API * fix template --output-dir issue * Add protection for stack-overflows for nested keys * feature(helm): add --set-literal flag for literal string interpretation Update to version 3.11.3: * Fix goroutine leak in perform * Fix goroutine leak in action install * Fix 32bit-x86 typo in testsuite * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) * avoid CGO to workaround missing gold dependency (bsc#1183043) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4124=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4124=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4124=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4124=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4124=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4124=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4124=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4124=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4124=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * Containers Module 15-SP4 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * Containers Module 15-SP5 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 * SUSE Package Hub 15 15-SP4 (noarch) * helm-fish-completion-3.13.1-150000.1.26.1 * SUSE Package Hub 15 15-SP5 (noarch) * helm-fish-completion-3.13.1-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * 
helm-bash-completion-3.13.1-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * helm-3.13.1-150000.1.26.1 * helm-debuginfo-3.13.1-150000.1.26.1 * SUSE Enterprise Storage 7.1 (noarch) * helm-zsh-completion-3.13.1-150000.1.26.1 * helm-bash-completion-3.13.1-150000.1.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2023-25173.html * https://bugzilla.suse.com/show_bug.cgi?id=1183043 * https://bugzilla.suse.com/show_bug.cgi?id=1215588 * https://bugzilla.suse.com/show_bug.cgi?id=1215711

From sle-updates at lists.suse.com Thu Oct 19 08:54:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 19 Oct 2023 08:54:59 -0000
Subject: SUSE-RU-2023:4123-1: moderate: Recommended update for NetworkManager-openvpn
Message-ID: <169770569989.29066.16956013649840494319@smelt2.prg2.suse.org>

# Recommended update for NetworkManager-openvpn

Announcement ID: SUSE-RU-2023:4123-1 Rating: moderate References: * bsc#1214415 Affected Products: * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for NetworkManager-openvpn fixes the following issues: * Fix importing .ovpn profiles with PKCS#12 CA (bsc#1214415) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4123=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4123=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4123=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4123=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * NetworkManager-openvpn-gnome-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debugsource-1.8.16-150400.3.3.2 * NetworkManager-openvpn-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debuginfo-1.8.16-150400.3.3.2 * NetworkManager-openvpn-gnome-debuginfo-1.8.16-150400.3.3.2 * SUSE Package Hub 15 15-SP4 (noarch) * NetworkManager-openvpn-lang-1.8.16-150400.3.3.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * NetworkManager-openvpn-gnome-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debugsource-1.8.16-150400.3.3.2 * NetworkManager-openvpn-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debuginfo-1.8.16-150400.3.3.2 * NetworkManager-openvpn-gnome-debuginfo-1.8.16-150400.3.3.2 * SUSE Package Hub 15 15-SP5 (noarch) * NetworkManager-openvpn-lang-1.8.16-150400.3.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * NetworkManager-openvpn-gnome-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debugsource-1.8.16-150400.3.3.2 * NetworkManager-openvpn-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debuginfo-1.8.16-150400.3.3.2 * NetworkManager-openvpn-gnome-debuginfo-1.8.16-150400.3.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * NetworkManager-openvpn-lang-1.8.16-150400.3.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * NetworkManager-openvpn-gnome-1.8.16-150400.3.3.2 * NetworkManager-openvpn-debugsource-1.8.16-150400.3.3.2 * NetworkManager-openvpn-1.8.16-150400.3.3.2 * 
NetworkManager-openvpn-debuginfo-1.8.16-150400.3.3.2 * NetworkManager-openvpn-gnome-debuginfo-1.8.16-150400.3.3.2 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * NetworkManager-openvpn-lang-1.8.16-150400.3.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214415 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 08:55:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 08:55:01 -0000 Subject: SUSE-RU-2023:4122-1: moderate: Recommended update for openssl-1_1 Message-ID: <169770570146.29066.15977673285865988864@smelt2.prg2.suse.org> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:4122-1 Rating: moderate References: * bsc#1215215 Affected Products: * Basesystem Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Displays "fips" in the version string (bsc#1215215) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4122=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4122=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4122=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4122=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4122=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.57.1 * openssl-1_1-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-1.1.1l-150400.7.57.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-1.1.1l-150400.7.57.1 * libopenssl1_1-1.1.1l-150400.7.57.1 * openssl-1_1-debugsource-1.1.1l-150400.7.57.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.57.1 * openssl-1_1-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-1.1.1l-150400.7.57.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-1.1.1l-150400.7.57.1 * libopenssl1_1-1.1.1l-150400.7.57.1 * openssl-1_1-debugsource-1.1.1l-150400.7.57.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.57.1 * openssl-1_1-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-1.1.1l-150400.7.57.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-1.1.1l-150400.7.57.1 * libopenssl1_1-1.1.1l-150400.7.57.1 * openssl-1_1-debugsource-1.1.1l-150400.7.57.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.57.1 * openssl-1_1-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-1.1.1l-150400.7.57.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-1.1.1l-150400.7.57.1 * libopenssl1_1-1.1.1l-150400.7.57.1 * openssl-1_1-debugsource-1.1.1l-150400.7.57.1 * Basesystem Module 15-SP4 
(aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150400.7.57.1 * openssl-1_1-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-1.1.1l-150400.7.57.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-1.1.1l-150400.7.57.1 * libopenssl1_1-1.1.1l-150400.7.57.1 * openssl-1_1-debugsource-1.1.1l-150400.7.57.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl1_1-32bit-1.1.1l-150400.7.57.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.57.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.57.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.57.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215215 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 09:42:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 11:42:31 +0200 (CEST) Subject: SUSE-CU-2023:3465-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231019094231.DEACAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3465-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.297 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.297 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated From sle-updates at lists.suse.com Thu Oct 19 09:42:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 11:42:02 +0200 (CEST) Subject: SUSE-CU-2023:3464-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231019094202.AA328F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3464-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.475 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.475 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated From sle-updates at lists.suse.com Thu Oct 19 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 12:30:03 -0000 Subject: SUSE-SU-2023:4133-1: important: Security update for nodejs18 Message-ID: <169771860314.12379.10727831135630782342@smelt2.prg2.suse.org> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4133-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4133=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4133=1 ## Package List: * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs18-18.18.2-150400.9.15.1 * npm18-18.18.2-150400.9.15.1 * nodejs18-debuginfo-18.18.2-150400.9.15.1 * nodejs18-debugsource-18.18.2-150400.9.15.1 * nodejs18-devel-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs18-docs-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nodejs18-18.18.2-150400.9.15.1 * npm18-18.18.2-150400.9.15.1 * nodejs18-debuginfo-18.18.2-150400.9.15.1 * nodejs18-debugsource-18.18.2-150400.9.15.1 * nodejs18-devel-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP5 (noarch) * nodejs18-docs-18.18.2-150400.9.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * 
https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 12:30:05 -0000 Subject: SUSE-SU-2023:4132-1: important: Security update for nodejs18 Message-ID: <169771860547.12379.9415487939207739519@smelt2.prg2.suse.org> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4132-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 
SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4132=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.18.2-8.15.1 * nodejs18-18.18.2-8.15.1 * npm18-18.18.2-8.15.1 * nodejs18-debuginfo-18.18.2-8.15.1 * nodejs18-devel-18.18.2-8.15.1 * Web and Scripting Module 12 (noarch) * nodejs18-docs-18.18.2-8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Oct 19 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3828-2: important: Security update for python3 Message-ID: <169771860734.12379.8179141383452329593@smelt2.prg2.suse.org> # Security update for python3 Announcement ID: SUSE-SU-2023:3828-2 Rating: important References: * bsc#1214692 Cross-References: * CVE-2023-40217 CVSS scores: * CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-3828=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150300.10.51.1 * python3-base-3.6.15-150300.10.51.1 * libpython3_6m1_0-3.6.15-150300.10.51.1 * python3-debugsource-3.6.15-150300.10.51.1 * python3-3.6.15-150300.10.51.1 * python3-base-debuginfo-3.6.15-150300.10.51.1 * python3-core-debugsource-3.6.15-150300.10.51.1 * python3-debuginfo-3.6.15-150300.10.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40217.html * https://bugzilla.suse.com/show_bug.cgi?id=1214692 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Oct 19 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 16:30:06 -0000 Subject: SUSE-RU-2023:4138-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <169773300684.31039.1705861882496444186@smelt2.prg2.suse.org> # Recommended update for systemd-rpm-macros Announcement ID: SUSE-RU-2023:4138-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for systemd-rpm-macros fixes the following issues: * Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4138=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4138=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4138=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4138=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4138=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4138=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4138=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4138=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4138=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4138=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * Basesystem Module 15-SP4 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * Basesystem Module 15-SP5 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Manager Proxy 4.2 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * systemd-rpm-macros-14-150000.7.36.1 * SUSE Manager Server 4.2 (noarch) * systemd-rpm-macros-14-150000.7.36.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Oct 19 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4136-1: important: Security update for suse-module-tools Message-ID: <169773300912.31039.16415485546694369680@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4136-1 Rating: important References: * bsc#1205767 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 * CVE-2023-23559 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Update to version 15.5.3: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4136=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4136=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * suse-module-tools-15.5.3-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.5.3-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://jira.suse.com/browse/PED-5731 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 16:30:11 -0000 Subject: SUSE-SU-2023:4135-1: important: Security update for suse-module-tools Message-ID: <169773301159.31039.4689783318233356434@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4135-1 Rating: important References: * bsc#1205767 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 * CVE-2023-23559 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux 
Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Updated to version 15.4.18: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4135=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4135=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4135=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4135=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4135=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suse-module-tools-15.4.18-150400.3.14.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suse-module-tools-15.4.18-150400.3.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suse-module-tools-15.4.18-150400.3.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suse-module-tools-15.4.18-150400.3.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.4.18-150400.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * 
https://jira.suse.com/browse/PED-5731 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 19 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Oct 2023 16:30:13 -0000 Subject: SUSE-RU-2023:4134-1: important: Recommended update for cockpit Message-ID: <169773301334.31039.16414597312510754883@smelt2.prg2.suse.org> # Recommended update for cockpit Announcement ID: SUSE-RU-2023:4134-1 Rating: important References: * bsc#1215109 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update for cockpit fixes the following issues: * Add paths in SELinux policy module since SLE Micro still uses /usr/lib (bsc#1215109) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4134=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4134=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cockpit-debugsource-251.3-150400.6.4.1 * cockpit-bridge-251.3-150400.6.4.1 * cockpit-ws-251.3-150400.6.4.1 * cockpit-ws-debuginfo-251.3-150400.6.4.1 * cockpit-251.3-150400.6.4.1 * cockpit-bridge-debuginfo-251.3-150400.6.4.1 * cockpit-debuginfo-251.3-150400.6.4.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cockpit-selinux-251.3-150400.6.4.1 * cockpit-networkmanager-251.3-150400.6.4.1 * cockpit-storaged-251.3-150400.6.4.1 * cockpit-system-251.3-150400.6.4.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cockpit-debugsource-251.3-150400.6.4.1 * cockpit-bridge-251.3-150400.6.4.1 * cockpit-ws-251.3-150400.6.4.1 * cockpit-ws-debuginfo-251.3-150400.6.4.1 
* cockpit-251.3-150400.6.4.1 * cockpit-bridge-debuginfo-251.3-150400.6.4.1 * cockpit-debuginfo-251.3-150400.6.4.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cockpit-selinux-251.3-150400.6.4.1 * cockpit-networkmanager-251.3-150400.6.4.1 * cockpit-storaged-251.3-150400.6.4.1 * cockpit-system-251.3-150400.6.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215109 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 20 10:09:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:09:52 +0200 (CEST) Subject: SUSE-CU-2023:3470-1: Security update of rancher/elemental-teal-iso/5.4 Message-ID: <20231020100952.ECB1CF417@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-iso/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3470-1 Container Tags : rancher/elemental-teal-iso/5.4:1.2.2 , rancher/elemental-teal-iso/5.4:1.2.2-3.2.1 , rancher/elemental-teal-iso/5.4:latest Container Release : 3.2.1 Severity : critical Type : security References : 1029961 1041090 1048046 1049382 1051429 1089497 1096726 1102408 1103032 1113038 1113039 1113040 1114832 1116658 1118897 1118898 1118899 1120610 1120610 1121967 1123156 1123387 1124308 1130489 1130496 1130496 1131314 1131553 1135460 1136234 1136974 1137860 1141680 1143386 1149954 1152308 1155141 1155217 1160452 1160460 1164390 1167850 1168481 1170940 1171566 1171578 1172380 1172786 1173404 1173409 1173410 1173471 1174465 1175081 1175821 1175821 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1179466 1179467 1179467 1181122 1181131 1181131 1181594 1181641 1181644 1181677 1181730 1181732 1181749 1181872 1181961 1182451 1182476 1182790 1182947 1182998 1183024 1183855 1184124 1184768 1184962 1185405 1185405 1186606 1187704 1188282 1189743 1190826 1191015 1191121 1191334 1191355 1191434 1192051 1193436 1193951 1194038 1194609 
1194900 1197093 1199232 1199235 1199460 1199565 1200088 1200145 1200524 1200657 1200657 1202021 1202436 1202436 1202436 1202821 1202821 1203600 1205536 1207509 1207753 1208079 1208194 1208574 1208721 1209229 1209741 1210702 1210702 1210999 1211272 1211576 1211828 1212126 1212434 1213185 1213237 1213472 1213487 1213514 1213517 1213575 1213853 1213873 1214054 1214071 CVE-2018-14679 CVE-2018-14681 CVE-2018-14682 CVE-2018-15664 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2018-18584 CVE-2018-18585 CVE-2018-18586 CVE-2018-20482 CVE-2018-20482 CVE-2019-1010305 CVE-2019-10152 CVE-2019-16884 CVE-2019-18466 CVE-2019-19921 CVE-2019-5736 CVE-2019-6778 CVE-2019-9923 CVE-2019-9923 CVE-2020-10756 CVE-2020-1983 CVE-2020-21913 CVE-2020-29129 CVE-2020-29130 CVE-2020-29130 CVE-2021-20193 CVE-2021-20193 CVE-2021-20206 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334 CVE-2021-30465 CVE-2021-30465 CVE-2021-30560 CVE-2021-32760 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-43784 CVE-2022-1586 CVE-2022-1587 CVE-2022-29162 CVE-2022-31030 CVE-2022-41409 CVE-2022-48303 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-34969 CVE-2023-36054 CVE-2023-3817 ----------------------------------------------------------------- The container rancher/elemental-teal-iso/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:495-1 Released: Tue Feb 26 16:42:35 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Type: security Severity: important References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). 
- CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

Other changes and fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:748-1
Released: Tue Mar 26 14:35:56 2019
Summary: Security update for libmspack
Type: security
Severity: moderate
References: 1113038,1113039,CVE-2018-18584,CVE-2018-18585

This update for libmspack fixes the following issues:

Security issues fixed:

- CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
- CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2223-1 Released: Tue Aug 27 15:42:56 2019 Summary: Security update for podman, slirp4netns and libcontainers-common Type: security Severity: moderate References: 1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778 This is a version update for podman to version 1.4.4 (bsc#1143386). Additional changes by SUSE on top: - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386) - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client Version update podman to v1.4.4: - Features - Podman now has greatly improved support for containers using multiple OCI runtimes. 
Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
- The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
- The podman diff command now supports the --latest flag

- Bugfixes
- Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
- Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
- Fixed a bug where images with no layers could not properly be displayed and removed by Podman
- Fixed a bug where locks were not properly freed on failure to create a container or pod
- Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)

- Misc
- Updated containers/storage to v1.12.13
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
- For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file.
This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed

Update podman to v1.4.2:

- Fixed a bug where Podman could not run containers using an older version of Systemd as init
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
- The error message for running podman kill on containers that are not running has been improved
- Podman remote client can now log to a file if syslog is not available
- The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
- The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
- The podman run --mount command now supports the bind-nonrecursive option for bind mounts
- Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
- Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking
- Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
- Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded
- Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
- Podman now uses JSON
logging with OCI runtimes that support it, allowing for better error reporting
- Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
- Support OOM Monitor under cgroup V2
- Add config binary and make target for configuring conmon with a go library for importing values

Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)

- Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.
- The podman cp now supports pause flag.
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- CVE-2019-10152: Fixed an improper dereference of symlinks of the podman cp command which was introduced in version 1.1.0 (bsc#1136974).
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- Podman commit command is
now usable with the Podman remote client - Signature-policy flag has been deprecated - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Added fuse-overlayfs dependency to support overlay based rootless image manipulations - The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument. - The podman remote client now displays version information from both the client and server in podman version - The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things) - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client - Fixed a bug where podman remote ps --ns would not print the container's namespaces - Fixed a bug where removing stopped containers with healthchecks could cause an error - Fixed a bug where the default libpod.conf file was causing parsing errors - Fixed a bug where pod locks 
were not being freed when pods were removed, potentially leading to lock exhaustion
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable
- The remote Podman client now uses the Varlink bridge to establish remote connections by default
- Fixed an issue with apparmor_parser (bsc#1123387)

- Update to libpod v1.4.0 (bsc#1137860):
- The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems
- The podman cp command now supports a pause flag to pause containers while copying into them
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers
runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote client
- The --signature-policy flag (used with several image-related commands) has been deprecated
- The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration

- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from docker/docker_client_test
- Don't allocate a sync.Mutex separately

Update to storage v1.12.10:

- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on testing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options
alphabetically
- docs: document OSTree file deduplication
- Add missing options to man page for containers-storage
- overlay: use the layer idmapping if present
- vfs: prefer layer custom idmappings
- layers: propagate down the idmapping settings
- Recreate symlink when not found
- docs: fix manpage for configuration file
- docs: add special handling for manpages in sect 5
- overlay: fix single-lower test
- Recreate symlink when not found
- overlay: propagate errors from mountProgram
- utils: root in a userns uses global conf file
- Fix handling of additional stores
- Correctly check permissions on rootless directory
- Fix possible integer overflow on 32bit builds
- Evaluate device path for lvm
- lockfile test: make concurrent RW test deterministic
- lockfile test: make concurrent read tests deterministic
- drivers.DirCopy: fix filemode detection
- storage: move the logic to detect rootless into utils.go
- Don't set (struct flock).l_pid
- Improve documentation of getLockfile
- Rename getLockFile to createLockerForPath, and document it
- Add FILES section to containers-storage.5 man page
- add digest locks
- drivers/copy: add a non-cgo fallback

slirp4netns was updated to 0.3.0:

- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)

This update also includes:

- fuse3 and fuse-overlayfs to support rootless containers.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2810-1
Released: Tue Oct 29 14:56:44 2019
Summary: Security update for runc
Type: security
Severity: moderate
References: 1131314,1131553,1152308,CVE-2019-16884

This update for runc fixes the following issues:

Security issue fixed:

- CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

Non-security issues fixed:

- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:697-1
Released: Mon Mar 16 13:17:10 2020
Summary: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
Type: security
Severity: moderate
References: 1155217,1160460,1164390,CVE-2019-18466

This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues:

podman was updated to 1.8.0:

- CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217)
- The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists. The trigger is only executed when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).

Update podman to v1.8.0 (bsc#1160460):

* Features
- The podman system service command has been added, providing a preview of Podman's new Docker-compatible API.
This API is still very new, and not yet ready for production use, but is available for early testing
- Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities
- The podman untag command has been added to remove tags from images without deleting them
- The podman inspect command on images now displays previous names they used
- The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
- Support for --log-opt tag= to set logging tags has been added to the journald log driver
- Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag
- The podman play kube command now honors pull policy

* Bugfixes
- Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given
- Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost
- Fixed a bug where the podman info command for remote Podman did not show registry information
- Fixed a bug where the podman exec command did not support having input piped into it
- Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying
- Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running
- Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested
- Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535
- Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE
- Fixed a bug where rootless Podman could not be run in a
systemd service on systems using CGroups v2 - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set - Fixed a bug where podman-remote push would segfault - Fixed a bug where image healthchecks were not shown in the output of podman inspect - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names - Fixed a bug where podman history was not computing image sizes correctly - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be - Fixed a bug where the remote Podman client would append an extra ' to %PATH - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. 
Read more here - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. (https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image 
was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to 
deadlocks when trying to start containers using the volume (#4605 and #4621)
- Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906)
- Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774)
- Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346)
- Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500)
- Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run
- Fixed a bug where podman container restore would fail with containers using a user namespace
- Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed
- Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359)
- Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used
- Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container
- Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353)
- Fixed a bug where `podman info --format '{{ json . }}'` would not produce JSON output (#4391)
- Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328)
- Fixed a bug where podman images --digest would not always print digests when they were available
- Fixed a bug where rootless podman run could hang due to a race with reading and writing events
- Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456)
- Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434)
- Fixed a bug where podman cp would not work if STDIN was a pipe
- Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397)
- Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396)
- Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344)
- Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409)
- Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744)
- Fixed a bug where the podman kill command was not properly validating signals before use (#4746)
- Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time
- Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host)
- Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed
- Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606)
- Fixed a bug where containers started with --rm would not be automatically
removed on being stopped if an exec session was running inside the container (#4666)

* Misc
- The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running
- Updated vendored Buildah to v1.12.0
- Updated vendored containers/storage library to v1.15.4
- Updated vendored containers/image library to v5.1.0
- Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system
- Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory

Update podman to v1.6.4

- Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
- Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
- Suppress spurious log messages when running rootless Podman
- Update vendored containers/storage to v1.13.6
- Fix a deadlock related to writing events
- Do not use the journald event logger when it is not available

Update podman to v1.6.2

* Features
- Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support
- The podman rm command can now remove containers in broken states which previously could not be removed
- The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
- Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer
- The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd

* Bugfixes
- Fixed a bug where
    the podman top command did not work on systems using CGroups V2 (#4192)
  - Fixed a bug where rootless Podman could double-close a file, leading to a panic
  - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state
  - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container
  - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library
  - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON
  - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers
  - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes were reported as mounted but were not (#4248)
  - Fixed a bug where volumes which failed to unmount could not be removed (#4247)
  - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage
  - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268)
  - Fixed a bug where the podman start command would print the short container ID, instead of the full ID
  - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm
  - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup
* Misc
  - The default PID limit for containers is now set to 4096.
    It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run
  - The podman start --attach command now automatically attaches STDIN if the container was created with -i
  - The podman network create command now validates network names using the same regular expression as container and pod names
  - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd)
  - Updated vendored Buildah to 1.11.3
  - Updated vendored containers/storage to 1.13.5
  - Updated vendored containers/image to 4.0.1

Update podman to v1.6.1
* Features
  - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman
  - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
  - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime
  - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891)
  - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734)
  - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819)
  - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts.
  - The podman push command now supports the --digestfile option to save a file containing the pushed digest
  - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732)
  - The podman image sign command now supports the --cert-dir flag
  - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files
  - The remote Podman client now supports healthchecks
* Bugfixes
  - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013)
  - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903)
  - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962)
  - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace
  - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
  - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files
  - Fixed a bug where the bash completions for podman import threw errors
  - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
  - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937)
  - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956)
  - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952)
  - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
  - Fixed a bug where remote podman run --rm would exit before
    the container was completely removed, allowing race conditions when removing container resources (#3870)
  - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched
  - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905)
  - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897)
  - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869)
  - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861)
  - Fixed a bug where podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838)
  - Fixed a bug where images pulled using the oci: transport would be improperly named
  - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)
  - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted
  - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020)
  - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033)
  - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005)
  - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it
  - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012)
  - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run
  - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink
    which pointed to a nonexistent directory (#3894)
  - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095)
  - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093)
  - Fixed a bug where podman import --change improperly parsed CMD (#4000)
  - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager
  - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162)
  - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks
* Misc
  - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading.
  - Version 0.8.1 or greater of the CNI Plugins is now required for Podman
  - Version 2.0.1 or greater of Conmon is strongly recommended
  - Updated vendored Buildah to v1.11.2
  - Updated vendored containers/storage library to v1.13.4
  - Improved error messages when trying to create a pod with no name via podman play kube
  - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled
  - TMPDIR has been set to /var/tmp by default to better handle large temporary files
  - podman wait has been optimized to detect stopped containers more rapidly
  - Podman containers now include a ContainerManager annotation indicating they were created by libpod
  - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available
  - Podman no longer sets a default size of 65kb for tmpfs filesystems
  - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system.
    This should only take effect on system restart
  - The output of podman volume inspect has been more closely matched to docker volume inspect
  - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration.

Update podman to v1.5.1
* Features
  - The hostname of pods is now set to the pod's name
* Bugfixes
  - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730)
  - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container
  - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf
  - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795)
  - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present
  - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube
  - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801)
  - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete
* Misc
  - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781)
  - Podman now properly sets a user agent while contacting registries (#3788)
  - Add zsh completion for podman commands

Update podman to v1.5.0
* Features
  - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH
  - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors
  - The podman generate kube command now produces YAML for any bind mounts the container has created
    (#2303)
  - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host
  - Added the ability for podman events to output JSON by specifying --format=json
  - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path
  - Added the ability to use podman import with URLs (#3609)
  - The podman ps command now supports filtering names using regular expressions (#3394)
  - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access
  - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container
  - Rootless Podman now supports healthchecks (#3523)
  - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker
  - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create
  - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container
  - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors
  - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use
* Bugfixes
  - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports
  - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at
  - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher
  - Fixed a bug where podman play
    kube would not honor capabilities set in imported YAML (#3689)
  - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648)
  - Fixed a bug where podman commit --changes would not properly set environment variables
  - Fixed a bug where Podman could segfault while working with images with no history
  - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635)
  - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs
  - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553)
  - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available
  - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556)
  - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver
  - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped
  - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525)
  - Fixed a bug where healthchecks using the HEALTHCHECK CMD format were not properly supported (#3507)
  - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504)
  - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524)
  - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time
  - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault
    (#3500)
  - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455)
  - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487)
  - Fixed a bug where restored containers would not have the correct SELinux label
  - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified
  - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715)
  - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980)
  - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547)
  - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708)
  - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616)
  - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747)
  - Fixed a bug where passing .
    as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container
* Misc
  - Updated vendored Buildah to v1.10.1
  - Updated vendored containers/image to v3.0.2
  - Updated vendored containers/storage to v1.13.1
  - Podman now requires conmon v2.0.0 or higher
  - The podman info command now displays the events logger being in use
  - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process
  - The -v short flag for podman --version has been re-added
  - Error messages from podman pull should be significantly clearer
  - The podman exec command is now available in the remote client
  - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew.
  - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries.

conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331):

fuse-overlayfs was updated to v0.7.6 (bsc#1160460)
  - do not look in lower layers for the ino if there is no origin xattr set
  - attempt to use the file path if the operation on the fd fails with ENXIO
  - do not expose internal xattrs through listxattr and getxattr
  - fix fallocate for deleted files.
  - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL.
  - on copyup, do not copy the opaque xattr.
  - fix a wrong lookup for whiteout files, that could happen on a double unlink.
  - fix possible segmentation fault in direct_fsync()
  - use the data store to create missing whiteouts
  - after a rename, force a directory reload
  - introduce inodes cache
  - correctly read inode for unix sockets
  - avoid hash map lookup when possible
  - use st_dev for the ino key
  - check whether writeback is supported
  - set_attrs: don't require write to S_IFREG
  - ioctl: do not reuse fi->fh for directories
  - fix skip whiteout deletion optimization
  - store the new mode after chmod
  - support fuse writeback cache and enable it by default
  - add option to disable fsync
  - add option to disable xattrs
  - add option to skip ino number check in lower layers
  - fix fd validity check
  - fix memory leak
  - fix read after free
  - fix type for flistxattr return
  - fix warnings reported by lgtm.com
  - enable parallel dirops

cni was updated to 0.7.1:
  - Set correct CNI version for 99-loopback.conf

Update to version 0.7.1 (bsc#1160460):
* Library changes:
  + invoke : ensure custom envs of CNIArgs are prepended to process envs
  + add GetNetworkListCachedResult to CNI interface
  + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance
* Documentation & Convention changes:
  + Update cnitool documentation for spec v0.4.0
  + Add cni-route-override to CNI plugin list

Update to version 0.7.0:
* Spec changes:
  + Use more RFC2119 style language in specification (must, should...)
  + add notes about ADD/DEL ordering
  + Make the container ID required and unique.
  + remove the version parameter from ADD and DEL commands.
  + Network interface name matters
  + be explicit about optional and required structure members
  + add CHECK method
  + Add a well-known error for 'try again'
  + SPEC.md: clarify meaning of 'routes'
* Library changes:
  + pkg/types: Makes IPAM concrete type
  + libcni: return error if Type is empty
  + skel: VERSION shouldn't block on stdin
  + non-pointer instances of types.Route now correctly marshal to JSON
  + libcni: add ValidateNetwork and ValidateNetworkList functions
  + pkg/skel: return error if JSON config has no network name
  + skel: add support for plugin version string
  + libcni: make exec handling an interface for better downstream testing
  + libcni: api now takes a Context to allow operations to be timed out or cancelled
  + types/version: add helper to parse PrevResult
  + skel: only print about message, not errors
  + skel,invoke,libcni: implementation of CHECK method
  + cnitool: Honor interface name supplied via CNI_IFNAME environment variable.
  + cnitool: validate correct number of args
  + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0
  + add PrintTo method to Result interface
  + Return a better error when the plugin returns none
  - Install sleep binary into CNI plugin directory

cni-plugins was updated to 0.8.4:

Update to version 0.8.4 (bsc#1160460):
  * add support for mips64le
  * Add missing cniVersion in README example
  * bump go-iptables module to v0.4.5
  * iptables: add idempotent functions
  * portmap doesn't fail if chain doesn't exist
  * fix portmap port forward flakiness
  * Add Bruce Ma and Piotr Skarmuk as owners

Update to version 0.8.3:
* Enhancements:
  * static: prioritize the input sources for IPs (#400).
  * tuning: send gratuitous ARP in case of MAC address update (#403).
  * bandwidth: use uint64 for Bandwidth value (#389).
  * ptp: only override DNS conf if DNS settings provided (#388).
  * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383).
  * loopback support CNI CHECK and result cache (#374).
* Better input validation:
  * vlan: add MTU validation to loadNetConf (#405).
  * macvlan: add MTU validation to loadNetConf (#404).
  * bridge: check vlan id when loading net conf (#394).
* Bugfixes:
  * bugfix: defer after err check, or it may panic (#391).
  * portmap: Fix dual-stack support (#379).
  * firewall: don't return error in DEL if prevResult is not found (#390).
  * bump up libcni back to v0.7.1 (#377).
* Docs:
  * contributing doc: revise test script name to run (#396).
  * contributing doc: describe cnitool installation (#397).

Update plugins to v0.8.2
+ New features:
  * Support 'args' in static and tuning
  * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin
  * host-local: return error if same ADD request is seen twice
  * bandwidth: fix collisions
  * Support ips capability in static and mac capability in tuning
  * pkg/veth: Make host-side veth name configurable
+ Bug fixes:
  * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists
  * host-device: revert name setting to make retries idempotent (#357).
  * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10
  * Update go.mod & go.sub
  * Remove link Down/Up in MAC address change to prevent route flush (#364).
  * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists'
  * bump containernetworking/cni to v0.7.1

Updated plugins to v0.8.1:
+ Bugs:
  * bridge: fix ipMasq setup to use correct source address
  * fix compilation error on 386
  * bandwidth: get bandwidth interface in host ns through container interface
+ Improvements:
  * host-device: add pciBusID property

Updated plugins to v0.8.0:
+ New plugins:
  * bandwidth - limit incoming and outgoing bandwidth
  * firewall - add containers to firewall rules
  * sbr - convert container routes to source-based routes
  * static - assign a fixed IP address
  * win-bridge, win-overlay: Windows plugins
+ Plugin features / changelog:
  * CHECK Support
  * macvlan:
    - Allow to configure empty ipam for macvlan
    - Make master config optional
  * bridge:
    - Add vlan tag to the bridge cni plugin
    - Allow the user to assign VLAN tag
    - L2 bridge Implementation.
  * dhcp:
    - Include Subnet Mask option parameter in DHCPREQUEST
    - Add systemd unit file to activate socket with systemd
    - Add container ifName to the dhcp clientID, making the clientID value
  * flannel:
    - Pass through runtimeConfig to delegate
  * host-local:
    - host-local: add ifname to file tracking IP address used
  * host-device:
    - Support the IPAM in the host-device
    - Handle empty netns in DEL for loopback and host-device
  * tuning:
    - adds 'ip link' command related feature into tuning
+ Bug fixes & minor changes
  * Correctly DEL on ipam failure for all plugins
  * Fix bug on ip revert if cmdAdd fails on macvlan and host-device
  * host-device: Ensure device is down before rename
  * Fix -hostprefix option
  * some DHCP servers expect to request for explicit router options
  * bridge: release IP in case of error
  * change source of ipmasq rule from ipn to ip

from version v0.7.5:
+ This release takes a minor change to the portmap plugin:
  * Portmap: append, rather than prepend, entry rules
+ This fixes a potential issue where firewall rules may be bypassed
    by port mapping

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:821-1
Released: Tue Mar 31 13:05:59 2020
Summary: Recommended update for podman, slirp4netns
Type: recommended
Severity: moderate
References: 1167850

This update for podman, slirp4netns fixes the following issues:

slirp4netns was updated to 0.4.4 (bsc#1167850):
  * libslirp: Update to v4.2.0:
    * New API function slirp_add_unix: add a forward rule to a Unix socket.
    * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd
    * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address
    * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network
    * ncsi: fix checksum OOB memory access
    * tcp_emu(): fix OOB accesses
    * tftp: restrict relative path access
    * state: fix loading of guestfwd state

Update to 0.4.3:
  * api: raise an error if the socket path is too long
  * libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
  * Fix create_sandbox error

Update to 0.4.2:
  * Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:
  * Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
  * Support specifying --userns-path
  * Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
  * Bring up loopback device when --configure is specified
  * Support sandboxing by creating a mount namespace (--enable-sandbox)
  * Support seccomp (--enable-seccomp)
  - Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:
  * Fix use-after-free in libslirp

Update to 0.3.2:
  * Fix heap overflow in `ip_reass` on big packet input

Update to 0.3.1:
  * Fix use-after-free

Changes in podman:
  - Fixed dependency on slirp4netns.
    We need at least 0.4.0 now (bsc#1167850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:944-1
Released: Tue Apr 7 15:49:33 2020
Summary: Security update for runc
Type: security
Severity: moderate
References: 1149954,1160452,CVE-2019-19921

This update for runc fixes the following issues:

runc was updated to v1.0.0~rc10

- CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452).
- Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1197-1
Released: Wed May 6 13:52:04 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1170940,CVE-2020-1983

This update for slirp4netns fixes the following issues:

Security issue fixed:

- CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1493-1
Released: Wed May 27 18:55:51 2020
Summary: Security update for libmspack
Type: security
Severity: low
References: 1130489,1141680,CVE-2019-1010305

This update for libmspack fixes the following issues:

Security issue fixed:

- CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680).

Other issue addressed:

- Enable build-time tests (bsc#1130489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1915-1
Released: Wed Jul 15 09:34:15 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1172380,CVE-2020-10756

This update for slirp4netns fixes the following issues:

- Update to 0.4.7 (bsc#1172380)
  * libslirp: update to v4.3.1 (Fix CVE-2020-10756)
  * Fix config_from_options() to correctly enable ipv6

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2080-1
Released: Wed Jul 29 20:09:09 2020
Summary: Recommended update for libtool
Type: recommended
Severity: moderate
References: 1171566

This update for libtool provides the missing libltdl 32bit library. (bsc#1171566)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2965-1
Released: Tue Oct 20 13:27:21 2020
Summary: Recommended update for cni, cni-plugins
Type: recommended
Severity: moderate
References: 1172786

This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released: Tue Mar 23 14:07:06 2021
Summary: Recommended update for libreoffice
Type: recommended
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790

This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)

libreoffice:
  - Image shown with different aspect ratio (bsc#1176547)
  - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
  - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
  - Wrong bullet points in Impress (bsc#1174465)
  - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
  - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
    - SUSE Mint
    - SUSE Midnight Blue
    - SUSE Waterhole Blue
    - SUSE Persimmon
  - Fix a crash opening a PPTX. (bsc#1179025)
  - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
  - Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
  - Disable firebird integration for the time being (bsc#1179203)
  - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
  - Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
  - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
  - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion: Update to 0.16.1:
  - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
  - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code.
  - added new function to allow printing of single formula tokens.
  - added method for setting cached results on formula cells in model_context.
  - changed the model_context design to ensure that all sheets are of the same size.
  - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell.
  - added cell_access class for querying of cell states without knowing its type ahead of time.
  - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations.
  - deprecated model_context::erase_cell() in favor of empty_cell().
  - added support for 3D references - references that contain multiple sheets.
  - added support for the exponent (^) and concatenation (&) operators.
  - fixed incorrect handling of range references containing whole columns such as A:A.
  - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1.
  - fixed a bug that prevented nested formula functions from working properly.
  - implemented Calc A1 style reference resolver.
  - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings.
  - Removed build-time dependency on spdlog.

libmwaw: Update to 0.3.17:
  - add a parser for Jazz(Lotus) writer and spreadsheet files.
The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to 
`GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1954-1 Released: Fri Jun 11 10:45:09 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2802-1 Released: Fri Aug 20 10:47:08 2021 Summary: Security update for libmspack Type: security Severity: moderate References: 1103032,CVE-2018-14679,CVE-2018-14681,CVE-2018-14682 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) - CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2895-1 Released: Tue Aug 31 19:40:32 2021 Summary: Recommended update for unixODBC Type: recommended Severity: moderate References: This update for unixODBC fixes the following issues: - ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004) - Fix incorrect permission for documentation files. - Update requires and baselibs for new libodbc2. - Employ shared library packaging guideline: new subpackage libodbc2.
- Update to 2.3.9: * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h - Update to 2.3.8: * Add configure support for editline * SQLDriversW was ignoring user config * SQLDataSources Fix termination character * Fix for pooling seg fault * Make calling SQLSetStmtAttrW call the W function in the driver if it's there * Try and fix race condition clearing system odbc.ini file * Remove trailing space from isql/iusql SQL * When setting connection attributes set before connect also check if the W entry points can be used * Try calling the W error functions first if available in the driver * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle * iconv handles were being lost when reusing pooled connection * Catch null copy in iniPropertyInsert * Fix a few leaks - Update to 2.3.7: * Fix for pkg-config file update on non-Linux platforms * Add W entry for GUI work * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W, and SQLSetConnectAttr/W * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString * SQLBrowseConnect/W allow disconnecting a started browse session after error * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys * Connection pooling: Fix liveness check for Unicode drivers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start.
(bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3506-1 Released: Mon Oct 25 10:20:22 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... 
token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. 
+ cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4171-1 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Type: security Severity: moderate References: 1193436,CVE-2021-43784 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:69-1 Released: Thu Jan 13 15:12:30 2022 Summary: Security update for libmspack Type: security Severity: low References: 1113040,CVE-2018-18586 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:943-1 Released: Thu Mar 24 12:52:54 2022 Summary: Security update for slirp4netns Type: security Severity: moderate References: 1179467,CVE-2020-29130 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. 
are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. 
+ runc run: new --keep option to skip removal of exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update led to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd.
- Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:870-1 Released: Wed Mar 22 09:44:13 2023 Summary: Security update for slirp4netns Type: security Severity: moderate References: 1179466,1179467,CVE-2020-29129,CVE-2020-29130 This update for slirp4netns fixes the following issues: - CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466). - CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1774-1 Released: Wed Apr 5 13:13:19 2023 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate References: 1171578,1175821,1182998,1197093,1200524,1205536,1207509 This update for libcontainers-common fixes the following issues: - Add registry.suse.com to the unqualified-search-registries (bsc#1205536) - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: - add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider - remove deprecated setting containers.userns_size - add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 - Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. (bsc#1207509) - storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. - .spec: rm %post script to set 'btrfs' as storage driver in storage.conf - Remove registry.suse.com from search unqualified-search-registries - add requires on util-linux-systemd for findmnt in profile script - only set storage_driver env when no libpod exists - add container-storage-driver.sh (bsc#1197093) - postinstall script: slight cleanup, no functional change - set detached sigstore attachments for the SUSE controlled registries - Fix obvious typo in containers.conf - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. 
- Use $() again in %post, but with a space for POSIX compliance
- Add missing Requires(post): sed (bsc#1200524)
- Make %post compatible with dash
- Switch registries.conf to v2 format
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
- Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821)
- Update default registry (bsc#1171578)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079

This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2307-1
Released: Mon May 29 10:29:49 2023
Summary: Recommended update for kbd
Type: recommended
Severity: low
References: 1210702

This update for kbd fixes the following issue:

- Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2482-1
Released: Mon Jun 12 07:19:53 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1211272

This update for systemd-rpm-macros fixes the following issues:

- Adjust functions so they are disabled when called from a chroot (bsc#1211272)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969

This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484

This update for perl fixes the following issues:

- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828

This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001

This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497

This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3275-1
Released: Fri Aug 11 10:19:36 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1213472

This update for apparmor fixes the following issues:

- Add pam_apparmor README (bsc#1213472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3286-1
Released: Fri Aug 11 10:32:03 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1194900

This update for util-linux fixes the following issues:

- Fix blkid for floppy drives (bsc#1194900)
- Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3327-1
Released: Wed Aug 16 08:45:25 2023
Summary: Security update for pcre2
Type: security
Severity: moderate
References: 1213514,CVE-2022-41409

This update for pcre2 fixes the following issues:

- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via
  negative input (bsc#1213514).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3363-1
Released: Fri Aug 18 14:54:16 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

The following package changes have been done:

- kbd-legacy-2.4.0-150400.5.6.1 updated
- filesystem-15.0-150400.1.1 updated
- glibc-2.31-150300.52.2 updated
- perl-base-5.26.1-150300.17.14.1 updated
- libuuid1-2.37.2-150400.8.20.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libsmartcols1-2.37.2-150400.8.20.1 updated
- libpcre2-8-0-10.39-150400.4.9.1 added
- libblkid1-2.37.2-150400.8.20.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libapparmor1-3.0.4-150400.5.6.1 updated
- libfdisk1-2.37.2-150400.8.20.1 updated
- libxtables12-1.8.7-1.1 added
- libmspack0-0.6-3.14.1 added
- libltdl7-2.4.6-3.4.1 added
- libassuan0-2.5.5-150000.4.5.2 updated
- file-5.32-7.14.1 added
- libmnl0-1.0.4-1.25 added
- libgdbm4-1.12-1.418 added
- libselinux1-3.4-150400.1.8 updated
- login_defs-4.8.1-150400.1.7 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libmount1-2.37.2-150400.8.20.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libdbus-1-3-1.12.2-150400.18.8.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 added
- xz-5.2.3-150000.4.7.1 added
- tar-1.34-150000.3.31.1 added
- which-2.21-2.20 added
- iproute2-5.14-150400.1.8 added
- glibc-locale-base-2.31-150300.52.2 updated
- gawk-4.2.1-150000.3.3.1 added
- systemd-rpm-macros-13-150000.7.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libcryptsetup12-2.4.3-150400.3.3.1 updated
- krb5-1.19.2-150400.3.6.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- hostname-3.16-2.22 added
- shadow-4.8.1-150400.1.7 updated
- kbd-2.4.0-150400.5.6.1 updated
- dbus-1-1.12.2-150400.18.8.1 updated
- util-linux-2.37.2-150400.8.20.1 updated
- systemd-249.16-150400.8.33.1 updated
- util-linux-systemd-2.37.2-150400.8.20.1 added
- system-user-nobody-20170617-150400.22.33 added
- libcontainers-common-20230214-150400.3.5.2 added
- runc-1.1.4-150000.36.1 added
- slirp4netns-0.4.7-150100.3.18.1 added
- cni-0.7.1-150100.3.8.1 added
- libicu-suse65_1-65.1-150200.4.5.1 added
- container:rancher-elemental-teal-5.4-latest-- added
- container:bci-bci-busybox-15.4-- added
- container:bci-bci-busybox-latest-- removed
- container:rancher-elemental-builder-image-5.3-latest-- removed
- container:rancher-elemental-teal-5.3-latest-- removed
- libcryptsetup12-hmac-2.4.3-150400.1.110 removed
- libgcrypt20-hmac-1.9.4-150400.6.8.1 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.45.1 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- patterns-base-fips-20200124-150400.20.4.1 removed
- systemd-presets-branding-SMO-20220103-150400.2.1 removed

From sle-updates at lists.suse.com Fri Oct 20 10:09:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2023 12:09:56 +0200 (CEST)
Subject: SUSE-CU-2023:3473-1: Security update of rancher/elemental-teal-rt/5.4
Message-ID: <20231020100956.BBDD0F417@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-teal-rt/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3473-1
Container Tags : rancher/elemental-teal-rt/5.4:1.2.2 , rancher/elemental-teal-rt/5.4:1.2.2-2.2.1 , rancher/elemental-teal-rt/5.4:latest
Container Release : 2.2.1
Severity : critical
Type : security
References : 1048046 1051429 1089497 1096726 1102408 1114832 1118897 1118898
  1118899 1121967 1123156 1123387 1124308 1131314 1131553 1135460
  1136974 1137860 1143386 1149954 1152308 1155217 1160452 1160460
  1162432 1164090 1164390 1165738 1167850 1168481 1170940 1171578
  1171578 1172380 1172410 1172786 1174075 1175081 1175821 1175821
  1175821 1175957 1179466 1179467 1179467 1181594 1181640 1181641
  1181677 1181730 1181732 1181749 1181961 1181961 1181961 1182428
  1182451 1182476 1182947 1182998 1183024 1183855 1184768 1184962
  1185405 1185405 1186606 1187704 1188282 1189743 1190826 1191015
  1191121 1191334 1191355 1191434 1192051 1193166 1193273 1193436
  1194038 1194609 1194900 1196338 1197093 1197284 1197672 1199232
  1199235 1199460 1199565 1199790 1200088 1200145 1200285 1200524
  1201399 1202021 1202809 1202809 1202821 1202821 1205536 1207509
  1208003 1208194 1208721 1209229 1209307 1209741 1210419 1210702
  1210799 1210999 1211576 1211828 1212126 1212434 1213185 1213237
  1213286 1213287 1213472 1213487 1213514 1213517 1213575 1213853
  1213873 1214054 1214071 1214081
  CVE-2018-15664 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
  CVE-2019-10152 CVE-2019-16884 CVE-2019-18466 CVE-2019-19921
  CVE-2019-5736 CVE-2019-6778 CVE-2020-10749 CVE-2020-10756
  CVE-2020-1726 CVE-2020-1983 CVE-2020-29129 CVE-2020-29130
  CVE-2020-29130 CVE-2021-20199 CVE-2021-20206 CVE-2021-20206
  CVE-2021-20206 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334
  CVE-2021-30465 CVE-2021-30465 CVE-2021-32760 CVE-2021-4024
  CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103
  CVE-2021-41190 CVE-2021-43784 CVE-2022-1227 CVE-2022-1586
  CVE-2022-1587 CVE-2022-1708 CVE-2022-21698 CVE-2022-27191
  CVE-2022-27649 CVE-2022-29162 CVE-2022-2989 CVE-2022-2989
  CVE-2022-31030 CVE-2022-41409 CVE-2023-2004 CVE-2023-20569
  CVE-2023-20593 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446
  CVE-2023-34969 CVE-2023-36054 CVE-2023-3817
-----------------------------------------------------------------

The container rancher/elemental-teal-rt/5.4 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:495-1
Released: Tue Feb 26 16:42:35 2019
Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Type: security
Severity: important
References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

Other changes and fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2223-1
Released: Tue Aug 27 15:42:56 2019
Summary: Security update for podman, slirp4netns and libcontainers-common
Type: security
Severity: moderate
References: 1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778

This is a version update for podman to version 1.4.4 (bsc#1143386).

Additional changes by SUSE on top:

- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)
- Update libpod.conf to use correct infra_command
- Update libpod.conf to use better versioned pause container
- Update libpod.conf to use official kubic pause container
- Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json
- Add podman-remote varlink client

Version update podman to v1.4.4:

- Features
  - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
  - The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
  - The podman diff command now supports the --latest flag
- Bugfixes
  - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
  - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to create a
    container or pod
  - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)
- Misc
  - Updated containers/storage to v1.12.13
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
  - For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed

Update podman to v1.4.2:

- Fixed a bug where Podman could not run containers using an older version of Systemd as init
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
- The error message for running podman kill on containers that are not running has been improved
- Podman remote client can now log to a file if syslog is not available
- The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
- The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath
  key (only included when the container is initialized or running)
- The podman run --mount command now supports the bind-nonrecursive option for bind mounts
- Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
- Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking
- Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
- Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded
- Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting
- Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
- Support OOM Monitor under cgroup V2
- Add config binary and make target for configuring conmon with a go library for importing values

Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)

- Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.
- The podman cp now supports pause flag.
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- CVE-2019-10152: Fixed an improper dereference of symlinks of the podman cp command which was introduced in version 1.1.0 (bsc#1136974).
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- Podman commit command is now usable with the Podman remote client
- Signature-policy flag has been deprecated
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Added fuse-overlayfs dependency to support overlay based rootless image manipulations
- The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
- The podman remote client now displays version information from both the client and server in podman version
- The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things)
- Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed
- Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal
- Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal
- Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
- Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client
- Fixed a bug where podman remote ps --ns would not print the container's namespaces
- Fixed a bug where removing stopped containers with healthchecks could cause an error
- Fixed a bug where the default libpod.conf file was causing parsing errors
- Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable
- The remote Podman client now uses the Varlink bridge to establish remote connections by default
- Fixed an issue with apparmor_parser (bsc#1123387)
- Update to libpod v1.4.0 (bsc#1137860):
  - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems
  - The podman cp command now supports a pause flag to pause containers while copying into them
  - The remote client now supports a configuration file for pre-configuring
    connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports
  - Fixed a bug where podman version on the remote client could segfault
  - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with containers with named volumes
  - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote client
  - The --signature-policy flag (used with several image-related commands) has been deprecated
  - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
  - Updated vendored containers/storage and containers/image libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from docker/docker_client_test
- Don't allocate a sync.Mutex separately

Update to storage v1.12.10:

- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on testing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options alphabetically
- docs: document OSTree file deduplication
- Add missing options to man page for containers-storage
- overlay: use the layer idmapping if present
- vfs: prefer layer custom idmappings
- layers: propagate down the idmapping settings
- Recreate symlink when not found
- docs: fix manpage for configuration file
- docs: add special handling for manpages in sect 5
- overlay: fix single-lower test
- Recreate symlink when not found
- overlay: propagate errors from mountProgram
- utils: root in a userns uses global conf file
- Fix handling of additional stores
- Correctly check permissions on rootless directory
- Fix possible integer overflow on 32bit builds
- Evaluate device path for lvm
- lockfile test: make
  concurrent RW test deterministic
- lockfile test: make concurrent read tests deterministic
- drivers.DirCopy: fix filemode detection
- storage: move the logic to detect rootless into utils.go
- Don't set (struct flock).l_pid
- Improve documentation of getLockfile
- Rename getLockFile to createLockerForPath, and document it
- Add FILES section to containers-storage.5 man page
- add digest locks
- drivers/copy: add a non-cgo fallback

slirp4netns was updated to 0.3.0:

- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)

This update also includes:

- fuse3 and fuse-overlayfs to support rootless containers.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2810-1
Released: Tue Oct 29 14:56:44 2019
Summary: Security update for runc
Type: security
Severity: moderate
References: 1131314,1131553,1152308,CVE-2019-16884

This update for runc fixes the following issues:

Security issue fixed:

- CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

Non-security issues fixed:

- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:697-1
Released: Mon Mar 16 13:17:10 2020
Summary: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
Type: security
Severity: moderate
References: 1155217,1160460,1164390,CVE-2019-18466

This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues:

podman was updated to 1.8.0:

- CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217)
- The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists.
  The trigger is only executed when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).

Update podman to v1.8.0 (bsc#1160460):

* Features
  - The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing
  - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities
  - The podman untag command has been added to remove tags from images without deleting them
  - The podman inspect command on images now displays previous names they used
  - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
  - Support for --log-opt tag= to set logging tags has been added to the journald log driver
  - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag
  - The podman play kube command now honors pull policy
* Bugfixes
  - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /.
    were given
  - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost
  - Fixed a bug where the podman info command for remote Podman did not show registry information
  - Fixed a bug where the podman exec command did not support having input piped into it
  - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying
  - Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running
  - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested
  - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535
  - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE
  - Fixed a bug where rootless Podman could not be run in a systemd service on systems using CGroups v2
  - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set
  - Fixed a bug where podman-remote push would segfault
  - Fixed a bug where image healthchecks were not shown in the output of podman inspect
  - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names
  - Fixed a bug where podman history was not computing image sizes correctly
  - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images
  - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be
  - Fixed a bug where the remote Podman client would append an extra ' to %PATH
  - Fixed a bug where the podman build command would sometimes ignore the -f option and
build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. 
(https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of 
the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod 
prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . 
}}'` would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically 
removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory Update podman to v1.6.4 - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers - Suppress spurious log messages when running rootless Podman - Update vendored containers/storage to v1.13.6 - Fix a deadlock related to writing events - Do not use the journald event logger when it is not available Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd * Bugfixes - Fixed a bug where 
the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. 
It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. 
- The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before 
the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink 
which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. 
This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. Update podman to v1.5.1 * Features - The hostname of pods is now set to the pod's name * Bugfixes - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug creating pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete * Misc - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788) - Add zsh completion for podman commands Update podman to v1.5.0 * Features - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created 
(#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use * Bugfixes - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play 
kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format were not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault 
(#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . 
as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container * Misc - Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew. - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries. conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): fuse-overlayfs was updated to v0.7.6 (bsc#1160460) - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO - do not expose internal xattrs through listxattr and getxattr - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. 
- fix possible segmentation fault in direct_fsync() - use the data store to create missing whiteouts - after a rename, force a directory reload - introduce inodes cache - correctly read inode for unix sockets - avoid hash map lookup when possible - use st_dev for the ino key - check whether writeback is supported - set_attrs: don't require write to S_IFREG - ioctl: do not reuse fi->fh for directories - fix skip whiteout deletion optimization - store the new mode after chmod - support fuse writeback cache and enable it by default - add option to disable fsync - add option to disable xattrs - add option to skip ino number check in lower layers - fix fd validity check - fix memory leak - fix read after free - fix type for flistxattr return - fix warnings reported by lgtm.com - enable parallel dirops cni was updated to 0.7.1: - Set correct CNI version for 99-loopback.conf Update to version 0.7.1 (bsc#1160460): * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list Update to version 0.7.0: * Spec changes: + Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands. 
+ Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes' * Library changes: + pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none - Install sleep binary into CNI plugin directory cni-plugins was updated to 0.8.4: Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). 
* Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). Update plugins to v0.8.2 + New features: * Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). 
* pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1 Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * host-device: add pciBusID property Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed 
by port mapping
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:821-1
Released: Tue Mar 31 13:05:59 2020
Summary: Recommended update for podman, slirp4netns
Type: recommended
Severity: moderate
References: 1167850

This update for podman, slirp4netns fixes the following issues:

slirp4netns was updated to 0.4.4 (bsc#1167850):
* libslirp: Update to v4.2.0:
  * New API function slirp_add_unix: add a forward rule to a Unix socket.
  * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd
  * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address
  * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network
  * ncsi: fix checksum OOB memory access
  * tcp_emu(): fix OOB accesses
  * tftp: restrict relative path access
  * state: fix loading of guestfwd state

Update to 0.4.3:
* api: raise an error if the socket path is too long
* libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
* Fix create_sandbox error

Update to 0.4.2:
* Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:
* Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
* Support specifying --userns-path
* Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
* Bring up loopback device when --configure is specified
* Support sandboxing by creating a mount namespace (--enable-sandbox)
* Support seccomp (--enable-seccomp)
- Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:
* Fix use-after-free in libslirp

Update to 0.3.2:
* Fix heap overflow in `ip_reass` on big packet input

Update to 0.3.1:
* Fix use-after-free

Changes in podman:
- Fixed dependency on slirp4netns.
We need at least 0.4.0 now (bsc#1167850)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:944-1
Released: Tue Apr 7 15:49:33 2020
Summary: Security update for runc
Type: security
Severity: moderate
References: 1149954,1160452,CVE-2019-19921

This update for runc fixes the following issues:

runc was updated to v1.0.0~rc10
- CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452).
- Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1197-1
Released: Wed May 6 13:52:04 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1170940,CVE-2020-1983

This update for slirp4netns fixes the following issues:

Security issue fixed:
- CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1915-1
Released: Wed Jul 15 09:34:15 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1172380,CVE-2020-10756

This update for slirp4netns fixes the following issues:

- Update to 0.4.7 (bsc#1172380)
  * libslirp: update to v4.3.1 (Fix CVE-2020-10756)
  * Fix config_from_options() to correctly enable ipv6
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1957-1
Released: Mon Jul 20 13:47:31 2020
Summary: Security update for cni-plugins
Type: security
Severity: moderate
References: 1172410,CVE-2020-10749

This update for cni-plugins fixes the following issues:

cni-plugins updated to version 0.8.6
- CVE-2020-10749: Fixed potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410).
Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2731-1
Released: Thu Sep 24 07:42:32 2020
Summary: Security update for conmon, fuse-overlayfs, libcontainers-common, podman
Type: security
Severity: moderate
References: 1162432,1164090,1165738,1171578,1174075,1175821,1175957,CVE-2020-1726

This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues:

podman was updated to v2.0.6 (bsc#1175821)
- install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that were missing before
- Drop varlink API related bits (in favor of the new API)
- fix install location for zsh completions
* Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
* Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as.
* Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start.
* Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally.

Update to v2.0.6:
* Features
  - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
  - The podman system connection command has been reworked to support multiple connections, and reenabled for use!
  - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
* Changes
  - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
  - Seccomp profiles specified by the --security-opt seccomp=...
flag to podman create and podman run will now be honored even if the container was created using --privileged.
* Bugfixes
  - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
  - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
  - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
  - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed (#7230).
  - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
  - Fixed a bug where the podman load command with remote Podman did not honor user-specified tags (#7124).
  - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
  - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
  - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
  - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
  - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
  - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
- Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. 
- Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). 
* Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. 
It's not enabled by default, so it's just bloat

Update to v2.0.3
* Fix handling of entrypoint
* log API: add context to allow for cancelling
* fix API: Create container with an invalid configuration
* Remove all instances of named return 'err' from Libpod
* Fix: Correct connection counters for hijacked connections
* Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
* Remove hijacked connections from active connections list
* version/info: format: allow more json variants
* Correctly print STDOUT on non-terminal remote exec
* Fix container and pod create commands for remote create
* Mask out /sys/dev to prevent information leak from the host
* Ensure sig-proxy default is propagated in start
* Add SystemdMode to inspect for containers
* When determining systemd mode, use full command
* Fix lint
* Populate remaining unused fields in `pod inspect`
* Include infra container information in `pod inspect`
* play-kube: add support for 'IfNotPresent' pull type
* docs: user namespace can't be shared in pods
* Fix 'Error: unrecognized protocol \'TCP\' in port mapping'
* Error on rootless mac and ip addresses
* Fix & add notes regarding problematic language in codebase
* abi: set default umask and rlimits
* Used reference package with errors for parsing tag
* fix: system df error when an image has no name
* Fix Generate API title/description
* Add noop function disable-content-trust
* fix play kube doesn't override dockerfile ENTRYPOINT
* Support default profile for apparmor
* Bump github.com/containers/common to v0.14.6
* events endpoint: backwards compat to old type
* events endpoint: fix panic and race condition
* Switch references from libpod.conf to containers.conf
* podman.service: set type to simple
* podman.service: set doc to podman-system-service
* podman.service: use default registries.conf
* podman.service: use default killmode
* podman.service: remove stop timeout
* systemd: symlink user->system
* vendor golang.org/x/text at v0.3.3
* Fix a bug where
--pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to 
containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common at v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. 
* The `podman run`, `podman create` and `podman pod create` commands now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name
* The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy.
* The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output.
* The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`.
* The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files.
* The `podman network ls` command now supports the `--filter` flag to filter results.
* The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label.
* Fixed a bug where the `podman exec` command would log to journald when run in containers logging to journald ([#6555](https://github.com/containers/libpod/issues/6555)).
* Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)).
* Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)).
* Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)).
* Fixed a bug where container logs written to journald did not include the name of the container.
* Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for 
podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall 
has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now 
supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... 
(#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - 
Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. 
podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name should still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only executed when updating podman-cni-config while the command was running. conmon was updated to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - 'off', 'null' or 'none' all work. 
- ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). 
It prevents a leftover directory from causing delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpers - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the same mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Initial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. 
- Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This is needed to make container-suseconnect work in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2965-1 Released: Tue Oct 20 13:27:21 2020 Summary: Recommended update for cni, cni-plugins Type: recommended Severity: moderate References: 1172786 This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1954-1 Released: Fri Jun 11 10:45:09 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). 
* CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3506-1 Released: Mon Oct 25 10:20:22 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 containerd was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that an archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that have an action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. 
* Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. 
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. 
Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4171-1 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Type: security Severity: moderate References: 1193436,CVE-2021-43784 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev is set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:943-1 Released: Thu Mar 24 12:52:54 2022 Summary: Security update for slirp4netns Type: security Severity: moderate References: 1179467,CVE-2020-29130 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. 
See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. 
(#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate does not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. 
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). 
Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2834-1 Released: Wed Aug 17 16:51:55 2022 Summary: Security update for podman Type: security Severity: important References: 1182428,1196338,1197284,CVE-2022-1227,CVE-2022-21698,CVE-2022-27191 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. 
When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3820-1 Released: Mon Oct 31 12:52:56 2022 Summary: Security update for podman Type: security Severity: moderate References: 1202809,CVE-2022-2989 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4593-1 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4635-1 Released: Thu Dec 29 12:31:19 2022 Summary: Security update for conmon Type: security Severity: moderate References: 1200285,CVE-2022-1708 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more than the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI option log-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. 
* exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:187-1 Released: Fri Jan 27 11:26:55 2023 Summary: Security update for podman Type: security Severity: important References: 1181640,1181961,1193166,1193273,1197672,1199790,1202809,CVE-2021-20199,CVE-2021-20206,CVE-2021-4024,CVE-2021-41190,CVE-2022-27649,CVE-2022-2989 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). 
  - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
  - The `podman kube play` command now supports the `emptyDir` volume type
  - The `podman kube play` command now supports the `HostUsers` field in the pod spec.
  - The `podman play kube` command now supports `binaryData` in ConfigMaps.
  - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
  - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
  - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
  - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
  - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
  - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
  - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container)
  - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
  - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
  - The `podman restart` command now supports the `--cidfile` and `--filter` options.
  - The `podman rm` command now supports the `--filter` option to select which containers will be removed.
  - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
  - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
  - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
  - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
  - The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
  - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
  - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
  - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
  - The `podman secret ls` command now accepts the `--quiet`/`-q` option.
  - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
  - The `podman stats` command now accepts the `--no-trunc` option.
  - The `podman save` command now accepts the `--signature-policy` option
  - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
  - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
  - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
* Changes
  - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
  - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
  - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
  - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
  - The installer for the Windows Podman client has been improved.
  - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
  - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
  - Events for containers that are part of a pod now include the ID of the pod in the event.
  - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
  - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
  - The `podman inspect` command on containers now includes the digest of the image used to create the container.
  - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

Update to version 4.2.0:

* Features
  - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
  - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
  - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
  - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
  - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
  - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
  - The podman play kube command now supports volumes with the BlockDevice and CharDevice types
  - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods.
    Two values are allowed at present: host and auto
  - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
  - Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
  - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
  - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
  - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
  - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
  - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
  - The podman create and podman run commands now include the -c short option for the --cpu-shares option.
  - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
  - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
  - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
  - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
  - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
  - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
  - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
  - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
  - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
  - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
  - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
  - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
  - The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
  - The remote Podman client now supports the podman image scp command.
  - The podman image scp command now supports tagging the transferred image with a new name.
  - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
  - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
  - The podman events command now includes the -f short option for the --filter option.
  - The podman pull command now includes the -a short option for the --all-tags option.
  - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
  - The Podman global option --url now has two aliases: -H and --host.
  - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
  - Added the ability to create sigstore signatures in podman push and podman manifest push.
  - Added an option to read image signing passphrase from a file.
* Changes
  - Paused containers can now be killed with the podman kill command.
  - The podman system prune command now removes unused networks.
  - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
  - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
  - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
  - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
  - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
  - Init containers created with podman play kube now default to the once type (#14877).
  - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
  - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
  - The libpod/common package has been removed as it's not used anywhere.
  - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
  - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
  - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
  - Podman Machine support for QEMU installations at non-default paths has been improved.
  - The podman machine ssh command no longer prints spurious warnings every time it is run.
  - When accessing the WSL prompt on Windows, the rootless user will be preferred.
  - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
  - The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
  - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
  - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
  - Updated the containers/image library to v5.22.0
  - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
  - Updated the containers/common library to v0.49.1
  - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
  - Fixed an incorrect release note about regexp.
  - A new MacOS installer (via pkginstaller) is now supported.

Update to version 4.1.1:

* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284

- Require catatonit >= 0.1.7 for pause functionality needed by pods

Update to version 4.0.3:

* Security
  - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
  - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
  - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
  - Updated the containers/common library to v0.47.5
  - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
  - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.

Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)

- A fix for CVE-2021-20199 / bsc#1181640 is included.
  Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:870-1
Released: Wed Mar 22 09:44:13 2023
Summary: Security update for slirp4netns
Type: security
Severity: moderate
References: 1179466,1179467,CVE-2020-29129,CVE-2020-29130

This update for slirp4netns fixes the following issues:

- CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466).
- CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1774-1
Released: Wed Apr 5 13:13:19 2023
Summary: Recommended update for libcontainers-common
Type: recommended
Severity: moderate
References: 1171578,1175821,1182998,1197093,1200524,1205536,1207509

This update for libcontainers-common fixes the following issues:

- Add registry.suse.com to the unqualified-search-registries (bsc#1205536)
- New upstream release 20230214
- bump c/storage to 1.45.3
- bump c/image to 5.24.1
- bump c/common to 0.51.0
- containers.conf:
  - add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider
  - remove deprecated setting containers.userns_size
  - add youki to engine.runtime_supports_json
- shortnames.conf: pull in latest upstream version
- storage.conf: add commented out option storage.transient_store
- correct license to APACHE-2.0
- Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version.
  (bsc#1207509)
- storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not.
- .spec: rm %post script to set 'btrfs' as storage driver in storage.conf
- Remove registry.suse.com from search unqualified-search-registries
- add requires on util-linux-systemd for findmnt in profile script
- only set storage_driver env when no libpod exists
- add container-storage-driver.sh (bsc#1197093)
- postinstall script: slight cleanup, no functional change
- set detached sigstore attachments for the SUSE controlled registries
- Fix obvious typo in containers.conf
- Resync containers.conf / storage.conf with Fedora
- Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it.
- Use $() again in %post, but with a space for POSIX compliance
- Add missing Requires(post): sed (bsc#1200524)
- Make %post compatible with dash
- Switch registries.conf to v2 format
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
- Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821)
- Update default registry (bsc#1171578)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1796-1
Released: Fri Apr 7 11:06:47 2023
Summary: Security update for conmon
Type: security
Severity: moderate
References: 1209307

This update for conmon fixes the following issues:

- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969

This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484

This update for perl fixes the following issues:

- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828

This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001

This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497

This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3022-1
Released: Fri Jul 28 21:44:59 2023
Summary: Security update for kernel-firmware
Type: security
Severity: moderate
References: 1213286,CVE-2023-20593

This update for kernel-firmware fixes the following issues:

- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3170-1
Released: Thu Aug 3 08:02:27 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: moderate
References: 1201399,1208003,1210799

This update for perl-Bootloader fixes the following issues:

- Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799)
- UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399)
- Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003)
- Add basic support for systemd-boot

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3275-1
Released: Fri Aug 11 10:19:36 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1213472

This update for apparmor fixes the following issues:

- Add pam_apparmor README (bsc#1213472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3286-1
Released: Fri Aug 11 10:32:03 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1194900

This update for util-linux fixes the following issues:

- Fix blkid for floppy drives (bsc#1194900)
- Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3327-1
Released: Wed Aug 16 08:45:25 2023
Summary: Security update for pcre2
Type: security
Severity: moderate
References: 1213514,CVE-2022-41409

This update for pcre2 fixes the following issues:

- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3360-1
Released: Fri Aug 18 14:48:55 2023
Summary: Security update for kernel-firmware
Type: security
Severity: moderate
References: 1213287,CVE-2023-20569

This update for kernel-firmware fixes the following issues:

- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3363-1
Released: Fri Aug 18 14:54:16 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size.
  (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released: Mon Aug 28 17:25:09 2023
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1210419,CVE-2023-2004

This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3538-1
Released: Tue Sep 5 16:37:14 2023
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1214081

This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

The following package changes have been done:

- glibc-2.31-150300.52.2 updated
- perl-base-5.26.1-150300.17.14.1 updated
- libuuid1-2.37.2-150400.8.20.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libsmartcols1-2.37.2-150400.8.20.1 updated
- libpcre2-8-0-10.39-150400.4.9.1 added
- libblkid1-2.37.2-150400.8.20.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libapparmor1-3.0.4-150400.5.6.1 updated
- libfdisk1-2.37.2-150400.8.20.1 updated
- libip6tc2-1.8.7-1.1 added
- libassuan0-2.5.5-150000.4.5.2 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- libnfnetlink0-1.0.1-2.11 added
- elemental-updater-1.2.2-150400.1.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libselinux1-3.4-150400.1.8 updated
- login_defs-4.8.1-150400.1.7 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libmount1-2.37.2-150400.8.20.1 updated
- liblvm2cmd2_03-2.03.05-150400.188.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- libdbus-1-3-1.12.2-150400.18.8.1 updated
- libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 updated
- sysconfig-0.85.7-150400.1.2 updated
- sysconfig-netconfig-0.85.7-150400.1.2 updated
- catatonit-0.1.7-150300.10.3.1 added
- conmon-2.1.5-150400.3.6.1 added
- elemental-dracut-config-0.11.1-150400.1.1 updated
- elemental-system-agent-0.3.3-150400.2.1 updated
- fillup-1.42-2.18 added
- libparted0-3.2-150300.21.3.1 updated
- libnetfilter_conntrack3-1.0.7-1.38 added
- xtables-plugins-1.8.7-1.1 added
- parted-3.2-150300.21.3.1 updated
- glibc-locale-base-2.31-150300.52.2 updated
- gawk-4.2.1-150000.3.3.1 updated
- perl-Bootloader-0.944-150400.3.6.1 updated
- device-mapper-2.03.05_1.02.163-150400.188.1 updated
- iptables-1.8.7-1.1 added
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libcryptsetup12-2.4.3-150400.3.3.1 updated
- krb5-1.19.2-150400.3.6.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- shadow-4.8.1-150400.1.7 updated
- dbus-1-1.12.2-150400.18.8.1 updated
- libnm0-1.38.2-150400.3.3.1 updated
- util-linux-2.37.2-150400.8.20.1 updated
- systemd-249.16-150400.8.33.1 updated
- udev-249.16-150400.8.33.1 updated
- util-linux-systemd-2.37.2-150400.8.20.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated
- lvm2-2.03.05-150400.188.1 updated
- kernel-firmware-usb-network-20220509-150400.4.22.1 updated
- kernel-firmware-realtek-20220509-150400.4.22.1 updated
- kernel-firmware-qlogic-20220509-150400.4.22.1 updated
- kernel-firmware-platform-20220509-150400.4.22.1 updated
- kernel-firmware-network-20220509-150400.4.22.1 updated
- kernel-firmware-mellanox-20220509-150400.4.22.1 updated
- kernel-firmware-mediatek-20220509-150400.4.22.1 updated
- kernel-firmware-marvell-20220509-150400.4.22.1 updated
- kernel-firmware-liquidio-20220509-150400.4.22.1 updated
- kernel-firmware-iwlwifi-20220509-150400.4.22.1 updated
- kernel-firmware-intel-20220509-150400.4.22.1 updated
- kernel-firmware-i915-20220509-150400.4.22.1 updated
- kernel-firmware-chelsio-20220509-150400.4.22.1 updated
- kernel-firmware-bnx2-20220509-150400.4.22.1 updated
- elemental-grub-config-0.11.1-150400.1.1 updated
- elemental-immutable-rootfs-0.11.1-150400.1.1 updated
- elemental-register-1.3.4-150400.2.1 updated
- elemental-support-1.3.4-150400.2.1 updated
- libburn4-1.5.6-150400.2.1 added - libcontainers-common-20230214-150400.3.5.2 added - libfuse3-3-3.10.5-150400.1.7 added - libisofs6-1.5.6-150400.2.1 added - mtools-4.0.35-150400.1.11 added - runc-1.1.4-150000.36.1 added - slirp4netns-0.4.7-150100.3.18.1 added - cni-0.7.1-150100.3.8.1 added - cni-plugins-0.8.6-150100.3.11.1 added - fuse-overlayfs-1.1.2-3.9.1 added - libisoburn1-1.5.6-150400.1.1 added - podman-4.3.1-150400.4.11.1 added - xorriso-1.5.6-150400.1.1 added - elemental-cli-0.11.1-150400.2.1 updated - elemental-init-setup-0.11.1-150400.1.1 updated - elemental-init-services-0.11.1-150400.1.1 updated - elemental-init-recovery-0.11.1-150400.1.1 updated - elemental-init-network-0.11.1-150400.1.1 updated - elemental-init-live-0.11.1-150400.1.1 updated - elemental-init-boot-assessment-0.11.1-150400.1.1 updated - elemental-init-config-0.11.1-150400.1.1 updated - elemental-toolkit-0.11.1-150400.1.1 updated - elemental-1.2.2-150400.1.1 updated - k9s-0.27.4-150400.2.1 updated - NetworkManager-1.38.2-150400.3.3.1 updated - container:suse-sle-micro-rancher-5.4-latest-- added - container:suse-sle-micro-rancher-5.3-latest-- removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed From sle-updates at lists.suse.com Fri Oct 20 10:09:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:09:59 +0200 (CEST) Subject: SUSE-CU-2023:3475-1: Security update of rancher/elemental-teal/5.4 Message-ID: <20231020100959.762DDF417@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3475-1 Container Tags : rancher/elemental-teal/5.4:1.2.2 , rancher/elemental-teal/5.4:1.2.2-3.2.1 , rancher/elemental-teal/5.4:latest Container Release : 3.2.1 Severity : critical Type : security References : 1048046 1051429 1089497 1096726 1102408 1114832 1118897 1118898 1118899 1121967 1123156 1123387 
1124308 1131314 1131553 1135460 1136974 1137860 1143386 1149954 1152308 1155217 1160452 1160460 1162432 1164090 1164390 1165738 1167850 1168481 1170940 1171578 1171578 1172380 1172410 1172786 1174075 1175081 1175821 1175821 1175821 1175957 1179466 1179467 1179467 1181594 1181640 1181641 1181677 1181730 1181732 1181749 1181961 1181961 1181961 1182428 1182451 1182476 1182947 1182998 1183024 1183855 1184768 1184962 1185405 1185405 1186606 1187704 1188282 1189743 1190826 1191015 1191121 1191334 1191355 1191434 1192051 1193166 1193273 1193436 1194038 1194609 1194900 1196338 1197093 1197284 1197672 1199232 1199235 1199460 1199565 1199790 1200088 1200145 1200285 1200524 1201399 1202021 1202809 1202809 1202821 1202821 1205536 1207509 1208003 1208194 1208721 1209229 1209307 1209741 1210419 1210702 1210799 1210999 1211576 1211828 1212126 1212434 1213185 1213237 1213286 1213287 1213472 1213487 1213514 1213517 1213575 1213853 1213873 1214054 1214071 1214081 CVE-2018-15664 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-10152 CVE-2019-16884 CVE-2019-18466 CVE-2019-19921 CVE-2019-5736 CVE-2019-6778 CVE-2020-10749 CVE-2020-10756 CVE-2020-1726 CVE-2020-1983 CVE-2020-29129 CVE-2020-29130 CVE-2020-29130 CVE-2021-20199 CVE-2021-20206 CVE-2021-20206 CVE-2021-20206 CVE-2021-21284 CVE-2021-21285 CVE-2021-21334 CVE-2021-30465 CVE-2021-30465 CVE-2021-32760 CVE-2021-4024 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-43784 CVE-2022-1227 CVE-2022-1586 CVE-2022-1587 CVE-2022-1708 CVE-2022-21698 CVE-2022-27191 CVE-2022-27649 CVE-2022-29162 CVE-2022-2989 CVE-2022-2989 CVE-2022-31030 CVE-2022-41409 CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-34969 CVE-2023-36054 CVE-2023-3817 ----------------------------------------------------------------- The container rancher/elemental-teal/5.4 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:495-1
Released: Tue Feb 26 16:42:35 2019
Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Type: security
Severity: important
References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

Other changes and fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2223-1
Released: Tue Aug 27 15:42:56 2019
Summary: Security update for podman, slirp4netns and libcontainers-common
Type: security
Severity: moderate
References: 1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778

This is a version update for podman to version 1.4.4 (bsc#1143386).

Additional changes by SUSE on top:

- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)
- Update libpod.conf to use correct infra_command
- Update libpod.conf to use better versioned pause container
- Update libpod.conf to use official kubic pause container
- Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json
- Add podman-remote varlink client

Version update podman to v1.4.4:

- Features
  - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
  - The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
  - The podman diff command now supports the --latest flag
- Bugfixes
  - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
  - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to create a
container or pod
  - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)
- Misc
  - Updated containers/storage to v1.12.13
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
  - For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed

Update podman to v1.4.2:

- Fixed a bug where Podman could not run containers using an older version of Systemd as init
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
- The error message for running podman kill on containers that are not running has been improved
- Podman remote client can now log to a file if syslog is not available
- The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
- The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath
key (only included when the container is initialized or running)
- The podman run --mount command now supports the bind-nonrecursive option for bind mounts
- Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
- Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking
- Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
- Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded
- Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting
- Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
- Support OOM Monitor under cgroup V2
- Add config binary and make target for configuring conmon with a go library for importing values

Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)

- Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.
- The podman cp now supports pause flag.
- The remote client now supports a configuration file for pre-configuring connections to remote Podman installations
- CVE-2019-10152: Fixed an improper dereference of symlinks of the podman cp command which was introduced in version 1.1.0 (bsc#1136974).
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- Podman commit command is now usable with the Podman remote client
- Signature-policy flag has been deprecated
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Added fuse-overlayfs dependency to support overlay based rootless image manipulations
- The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
- The podman remote client now displays version information from both the client and server in podman version - The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things) - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client - Fixed a bug where podman remote ps --ns would not print the container's namespaces - Fixed a bug where removing stopped containers with healthchecks could cause an error - Fixed a bug where the default libpod.conf file was causing parsing errors - Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable - The remote Podman client now uses the Varlink bridge to establish remote connections by default - Fixed an issue with apparmor_parser (bsc#1123387) - Update to libpod v1.4.0 (bsc#1137860): - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring 
connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports
- Fixed a bug where podman version on the remote client could segfault
- Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with containers with named volumes
- Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote client
- The --signature-policy flag (used with several image-related commands) has been deprecated
- The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
- Updated vendored containers/storage and containers/image libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's
configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from docker/docker_client_test
- Don't allocate a sync.Mutex separately

Update to storage v1.12.10:

- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on testing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options alphabetically
- docs: document OSTree file deduplication
- Add missing options to man page for containers-storage
- overlay: use the layer idmapping if present
- vfs: prefer layer custom idmappings
- layers: propagate down the idmapping settings
- Recreate symlink when not found
- docs: fix manpage for configuration file
- docs: add special handling for manpages in sect 5
- overlay: fix single-lower test
- Recreate symlink when not found
- overlay: propagate errors from mountProgram
- utils: root in a userns uses global conf file
- Fix handling of additional stores
- Correctly check permissions on rootless directory
- Fix possible integer overflow on 32bit builds
- Evaluate device path for lvm
- lockfile test: make
concurrent RW test deterministic
- lockfile test: make concurrent read tests deterministic
- drivers.DirCopy: fix filemode detection
- storage: move the logic to detect rootless into utils.go
- Don't set (struct flock).l_pid
- Improve documentation of getLockfile
- Rename getLockFile to createLockerForPath, and document it
- Add FILES section to containers-storage.5 man page
- add digest locks
- drivers/copy: add a non-cgo fallback

slirp4netns was updated to 0.3.0:

- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)

This update also includes:

- fuse3 and fuse-overlayfs to support rootless containers.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2810-1
Released: Tue Oct 29 14:56:44 2019
Summary: Security update for runc
Type: security
Severity: moderate
References: 1131314,1131553,1152308,CVE-2019-16884

This update for runc fixes the following issues:

Security issue fixed:

- CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

Non-security issues fixed:

- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:697-1
Released: Mon Mar 16 13:17:10 2020
Summary: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman
Type: security
Severity: moderate
References: 1155217,1160460,1164390,CVE-2019-18466

This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues:

podman was updated to 1.8.0:

- CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217)
- The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists.
The trigger is only executed when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).

Update podman to v1.8.0 (bsc#1160460):

* Features
- The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing
- Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities
- The podman untag command has been added to remove tags from images without deleting them
- The podman inspect command on images now displays previous names they used
- The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
- Support for --log-opt tag= to set logging tags has been added to the journald log driver
- Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag
- The podman play kube command now honors pull policy
* Bugfixes
- Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /.
were given
- Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost
- Fixed a bug where the podman info command for remote Podman did not show registry information
- Fixed a bug where the podman exec command did not support having input piped into it
- Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying
- Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running
- Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested
- Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535
- Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE
- Fixed a bug where rootless Podman could not be run in a systemd service on systems using CGroups v2
- Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set
- Fixed a bug where podman-remote push would segfault
- Fixed a bug where image healthchecks were not shown in the output of podman inspect
- Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names
- Fixed a bug where podman history was not computing image sizes correctly
- Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images
- Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be
- Fixed a bug where the remote Podman client would append an extra ' to %PATH
- Fixed a bug where the podman build command would sometimes ignore the -f option and
build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. Read more here - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. 
(https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of 
the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod 
prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . 
}}'` would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically
removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory Update podman to v1.6.4 - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers - Suppress spurious log messages when running rootless Podman - Update vendored containers/storage to v1.13.6 - Fix a deadlock related to writing events - Do not use the journald event logger when it is not available Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd * Bugfixes - Fixed a bug where
the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. 
It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. 
- The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before
the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink
which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. 
This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. Update podman to v1.5.1 * Features - The hostname of pods is now set to the pod's name * Bugfixes - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug creating pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete * Misc - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788) - Add zsh completion for podman commands Update podman to v1.5.0 * Features - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created
(#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use * Bugfixes - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play 
kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format were not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault
(#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . 
as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container * Misc - Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew. - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries. conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): fuse-overlayfs was updated to v0.7.6 (bsc#1160460) - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO - do not expose internal xattrs through listxattr and getxattr - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. 
- fix possible segmentation fault in direct_fsync() - use the data store to create missing whiteouts - after a rename, force a directory reload - introduce inodes cache - correctly read inode for unix sockets - avoid hash map lookup when possible - use st_dev for the ino key - check whether writeback is supported - set_attrs: don't require write to S_IFREG - ioctl: do not reuse fi->fh for directories - fix skip whiteout deletion optimization - store the new mode after chmod - support fuse writeback cache and enable it by default - add option to disable fsync - add option to disable xattrs - add option to skip ino number check in lower layers - fix fd validity check - fix memory leak - fix read after free - fix type for flistxattr return - fix warnings reported by lgtm.com - enable parallel dirops cni was updated to 0.7.1: - Set correct CNI version for 99-loopback.conf Update to version 0.7.1 (bsc#1160460): * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically inheritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list Update to version 0.7.0: * Spec changes: + Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands.
+ Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes' * Library changes: + pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none - Install sleep binary into CNI plugin directory cni-plugins was updated to 0.8.4: Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). 
* Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). Update plugins to v0.8.2 + New features: * Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). 
* pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1 Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * host-device: add pciBusID property Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed 
by port mapping

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:821-1
Released: Tue Mar 31 13:05:59 2020
Summary: Recommended update for podman, slirp4netns
Type: recommended
Severity: moderate
References: 1167850

This update for podman, slirp4netns fixes the following issues:

slirp4netns was updated to 0.4.4 (bsc#1167850):

* libslirp: Update to v4.2.0:
* New API function slirp_add_unix: add a forward rule to a Unix socket.
* New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd
* New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address
* socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network
* ncsi: fix checksum OOB memory access
* tcp_emu(): fix OOB accesses
* tftp: restrict relative path access
* state: fix loading of guestfwd state

Update to 0.4.3:

* api: raise an error if the socket path is too long
* libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR
* Fix create_sandbox error

Update to 0.4.2:

* Do not propagate mounts to the parent ns in sandbox

Update to 0.4.1:

* Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME)
* Support specifying --userns-path
* Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+)
* Bring up loopback device when --configure is specified
* Support sandboxing by creating a mount namespace (--enable-sandbox)
* Support seccomp (--enable-seccomp)
- Add new build dependencies libcap-devel and libseccomp-devel

Update to 0.3.3:

* Fix use-after-free in libslirp

Update to 0.3.2:

* Fix heap overflow in `ip_reass` on big packet input

Update to 0.3.1:

* Fix use-after-free

Changes in podman:

- Fixed dependency on slirp4netns.
We need at least 0.4.0 now (bsc#1167850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:944-1
Released: Tue Apr 7 15:49:33 2020
Summary: Security update for runc
Type: security
Severity: moderate
References: 1149954,1160452,CVE-2019-19921

This update for runc fixes the following issues:

runc was updated to v1.0.0~rc10

- CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452).
- Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1197-1
Released: Wed May 6 13:52:04 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1170940,CVE-2020-1983

This update for slirp4netns fixes the following issues:

Security issue fixed:

- CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1915-1
Released: Wed Jul 15 09:34:15 2020
Summary: Security update for slirp4netns
Type: security
Severity: important
References: 1172380,CVE-2020-10756

This update for slirp4netns fixes the following issues:

- Update to 0.4.7 (bsc#1172380)
* libslirp: update to v4.3.1 (Fix CVE-2020-10756)
* Fix config_from_options() to correctly enable ipv6

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1957-1
Released: Mon Jul 20 13:47:31 2020
Summary: Security update for cni-plugins
Type: security
Severity: moderate
References: 1172410,CVE-2020-10749

This update for cni-plugins fixes the following issues:

cni-plugins updated to version 0.8.6

- CVE-2020-10749: Fixed potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410).
Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2731-1 Released: Thu Sep 24 07:42:32 2020 Summary: Security update for conmon, fuse-overlayfs, libcontainers-common, podman Type: security Severity: moderate References: 1162432,1164090,1165738,1171578,1174075,1175821,1175957,CVE-2020-1726 This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. * Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... 
flag to podman create and podman run will now be honored even if the container was created using --privileged.
* Bugfixes
  - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
  - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
  - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
  - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed (#7230).
  - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
  - Fixed a bug where the podman load command with remote Podman did not honor user-specified tags (#7124).
  - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
  - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
  - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
  - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
  - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
  - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
- Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. 
- Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). 
* Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. 
It's not enabled by default, so it's just bloat

Update to v2.0.3

* Fix handling of entrypoint
* log API: add context to allow for cancelling
* fix API: Create container with an invalid configuration
* Remove all instances of named return 'err' from Libpod
* Fix: Correct connection counters for hijacked connections
* Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
* Remove hijacked connections from active connections list
* version/info: format: allow more json variants
* Correctly print STDOUT on non-terminal remote exec
* Fix container and pod create commands for remote create
* Mask out /sys/dev to prevent information leak from the host
* Ensure sig-proxy default is propagated in start
* Add SystemdMode to inspect for containers
* When determining systemd mode, use full command
* Fix lint
* Populate remaining unused fields in `pod inspect`
* Include infra container information in `pod inspect`
* play-kube: add support for 'IfNotPresent' pull type
* docs: user namespace can't be shared in pods
* Fix 'Error: unrecognized protocol \'TCP\' in port mapping'
* Error on rootless mac and ip addresses
* Fix & add notes regarding problematic language in codebase
* abi: set default umask and rlimits
* Used reference package with errors for parsing tag
* fix: system df error when an image has no name
* Fix Generate API title/description
* Add noop function disable-content-trust
* fix play kube doesn't override dockerfile ENTRYPOINT
* Support default profile for apparmor
* Bump github.com/containers/common to v0.14.6
* events endpoint: backwards compat to old type
* events endpoint: fix panic and race condition
* Switch references from libpod.conf to containers.conf
* podman.service: set type to simple
* podman.service: set doc to podman-system-service
* podman.service: use default registries.conf
* podman.service: use default killmode
* podman.service: remove stop timeout
* systemd: symlink user->system
* vendor golang.org/x/text at v0.3.3
* Fix a bug where
--pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to 
containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common at v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. 
* The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name
* The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy.
* The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output.
* The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`.
* The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files.
* The `podman network ls` command now supports the `--filter` flag to filter results.
* The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label.
* Fixed a bug where the `podman exec` command would log to journald when run in containers logging to journald ([#6555](https://github.com/containers/libpod/issues/6555)).
* Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)).
* Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)).
* Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)).
* Fixed a bug where containers logs written to journald did not include the name of the container.
* Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for 
podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall 
has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now 
supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... 
(#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - 
Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. 
podman pull) ([#5411](https://github.com/containers/libpod/issues/5411))
* HTTP API
  - Initial support for secure connections to servers via SSH tunneling has been added
  - Initial support for the libpod create and logs endpoints for containers has been added
  - Added a /swagger/ endpoint to serve API documentation
  - The json endpoint for containers has received many fixes
  - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved
  - Image creation endpoints (commit, pull, etc) have seen many fixes
  - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down
  - The stats endpoint for containers has seen major fixes and now provides accurate output
  - Handling the HTTP 304 status code has been fixed for all endpoints
  - Many fixes have been made to API documentation to ensure it matches the code
* Misc
  - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name should still work
  - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work
  - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter
  - Using the --password flag to podman login now warns that passwords are being passed in plaintext
  - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock

- Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only executed when updating podman-cni-config while the command was running

conmon was updated to v2.0.20 (bsc#1175821)

- journald: fix logging container name
- container logging: Implement none driver - 'off', 'null' or 'none' all work.
- ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). 
It prevents a left over directory to cause delete to fail with EEXIST.
- honor --debug.

libcontainers-common was updated to fix:

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in /usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
- Add documentation for credHelpera
- Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
- docs: user namespace can't be shared in pods
- Switch references from libpod.conf to containers.conf
- Allow empty host port in --publish flag
- update document login see config.json as valid
- Update storage to 1.20.2
- Add back skip_mount_home
- Remove remaining difference between SLE and openSUSE package and ship the same mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821)
- Update to image 5.4.4
- Remove registries.conf VERSION 2 references from man page
- Initial authfile man page
- Add $HOME/.config/containers/certs.d to perHostCertDirPath
- Add $HOME/.config/containers/registries.conf to config path
- registries.conf.d: add stances for the registries.conf
- update to libpod 1.9.3
- userns: support --userns=auto
- Switch to using --time as opposed to --timeout to better match Docker
- Add support for specifying CNI networks in podman play kube
- man pages: fix inconsistencies
- Update to storage 1.19.1
- userns: add support for auto
- store: change the default user to containers
- config: honor XDG_CONFIG_HOME
- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on.
- Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This is for making container-suseconnect work in the public cloud on-demand images. It needs that file to be able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2965-1 Released: Tue Oct 20 13:27:21 2020 Summary: Recommended update for cni, cni-plugins Type: recommended Severity: moderate References: 1172786 This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1954-1 Released: Fri Jun 11 10:45:09 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2962-1 Released: Mon Sep 6 18:23:01 2021 Summary: Recommended update for runc Type: recommended Severity: critical References: 1189743 This update for runc fixes the following issues: - Fixed an issue when toolbox container fails to start. (bsc#1189743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3506-1 Released: Mon Oct 25 10:20:22 2021 Summary: Security update for containerd, docker, runc Type: security Severity: important References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 containerd was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that an archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that have action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. 
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. 
Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4171-1 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Type: security Severity: moderate References: 1193436,CVE-2021-43784 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev is set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:943-1 Released: Thu Mar 24 12:52:54 2022 Summary: Security update for slirp4netns Type: security Severity: moderate References: 1179467,CVE-2020-29130 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce.
See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. 
(#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate does not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited containers' artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). 
Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2834-1 Released: Wed Aug 17 16:51:55 2022 Summary: Security update for podman Type: security Severity: important References: 1182428,1196338,1197284,CVE-2022-1227,CVE-2022-21698,CVE-2022-27191 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. 
When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3820-1 Released: Mon Oct 31 12:52:56 2022 Summary: Security update for podman Type: security Severity: moderate References: 1202809,CVE-2022-2989 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4593-1 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4635-1 Released: Thu Dec 29 12:31:19 2022 Summary: Security update for conmon Type: security Severity: moderate References: 1200285,CVE-2022-1708 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more than the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI option log-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:187-1 Released: Fri Jan 27 11:26:55 2023 Summary: Security update for podman Type: security Severity: important References: 1181640,1181961,1193166,1193273,1197672,1199790,1202809,CVE-2021-20199,CVE-2021-20206,CVE-2021-4024,CVE-2021-41190,CVE-2022-27649,CVE-2022-2989 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. 
`--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set * Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods.
Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. 
- The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. 
- Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. 
- A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. 
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods

Update to version 4.0.3:

* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.

Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)

- A fix for CVE-2021-20199 / bsc#1181640 is included.
Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:870-1 Released: Wed Mar 22 09:44:13 2023 Summary: Security update for slirp4netns Type: security Severity: moderate References: 1179466,1179467,CVE-2020-29129,CVE-2020-29130 This update for slirp4netns fixes the following issues: - CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466). - CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1774-1 Released: Wed Apr 5 13:13:19 2023 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate References: 1171578,1175821,1182998,1197093,1200524,1205536,1207509 This update for libcontainers-common fixes the following issues: - Add registry.suse.com to the unqualified-search-registries (bsc#1205536) - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: - add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider - remove deprecated setting containers.userns_size - add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 - Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. 
(bsc#1207509)
- storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not.
- .spec: rm %post script to set 'btrfs' as storage driver in storage.conf
- Remove registry.suse.com from search unqualified-search-registries
- add requires on util-linux-systemd for findmnt in profile script
- only set storage_driver env when no libpod exists
- add container-storage-driver.sh (bsc#1197093)
- postinstall script: slight cleanup, no functional change
- set detached sigstore attachments for the SUSE controlled registries
- Fix obvious typo in containers.conf
- Resync containers.conf / storage.conf with Fedora
- Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it.
- Use $() again in %post, but with a space for POSIX compliance
- Add missing Requires(post): sed (bsc#1200524)
- Make %post compatible with dash
- Switch registries.conf to v2 format
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
- Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821)
- Update default registry (bsc#1171578)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1796-1
Released: Fri Apr 7 11:06:47 2023
Summary: Security update for conmon
Type: security
Severity: moderate
References: 1209307
This update for conmon fixes the following issues:

- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3022-1 Released: Fri Jul 28 21:44:59 2023 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1213286,CVE-2023-20593 This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3360-1 Released: Fri Aug 18 14:48:55 2023 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1213287,CVE-2023-20569 This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. 
(bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3486-1 Released: Tue Aug 29 14:25:23 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3538-1 Released: Tue Sep 5 16:37:14 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) The following package changes have been done: - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libudev1-249.16-150400.8.33.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libpcre2-8-0-10.39-150400.4.9.1 added - libblkid1-2.37.2-150400.8.20.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libip6tc2-1.8.7-1.1 added - libassuan0-2.5.5-150000.4.5.2 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libnfnetlink0-1.0.1-2.11 added - elemental-updater-1.2.2-150400.1.1 updated - libnftnl11-1.2.0-150400.1.6 added - libselinux1-3.4-150400.1.8 updated - login_defs-4.8.1-150400.1.7 updated - libsystemd0-249.16-150400.8.33.1 updated - libmount1-2.37.2-150400.8.20.1 updated - liblvm2cmd2_03-2.03.05-150400.188.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 updated - sysconfig-0.85.7-150400.1.2 updated - sysconfig-netconfig-0.85.7-150400.1.2 updated - catatonit-0.1.7-150300.10.3.1 added - conmon-2.1.5-150400.3.6.1 added - elemental-dracut-config-0.11.1-150400.1.1 updated - 
elemental-grub-config-0.11.1-150400.1.1 updated - elemental-immutable-rootfs-0.11.1-150400.1.1 updated - elemental-register-1.3.4-150400.2.1 updated - elemental-support-1.3.4-150400.2.1 updated - elemental-system-agent-0.3.3-150400.2.1 updated - fillup-1.42-2.18 added - libburn4-1.5.6-150400.2.1 added - libfuse3-3-3.10.5-150400.1.7 added - libparted0-3.2-150300.21.3.1 updated - libnetfilter_conntrack3-1.0.7-1.38 added - xtables-plugins-1.8.7-1.1 added - parted-3.2-150300.21.3.1 updated - glibc-locale-base-2.31-150300.52.2 updated - gawk-4.2.1-150000.3.3.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - device-mapper-2.03.05_1.02.163-150400.188.1 updated - iptables-1.8.7-1.1 added - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - krb5-1.19.2-150400.3.6.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - shadow-4.8.1-150400.1.7 updated - dbus-1-1.12.2-150400.18.8.1 updated - libnm0-1.38.2-150400.3.3.1 updated - util-linux-2.37.2-150400.8.20.1 updated - systemd-249.16-150400.8.33.1 updated - udev-249.16-150400.8.33.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - systemd-sysvinit-249.16-150400.8.33.1 updated - dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated - lvm2-2.03.05-150400.188.1 updated - kernel-firmware-usb-network-20220509-150400.4.22.1 updated - kernel-firmware-realtek-20220509-150400.4.22.1 updated - kernel-firmware-qlogic-20220509-150400.4.22.1 updated - kernel-firmware-platform-20220509-150400.4.22.1 updated - kernel-firmware-network-20220509-150400.4.22.1 updated - kernel-firmware-mellanox-20220509-150400.4.22.1 updated - kernel-firmware-mediatek-20220509-150400.4.22.1 updated - kernel-firmware-marvell-20220509-150400.4.22.1 updated - kernel-firmware-liquidio-20220509-150400.4.22.1 updated - kernel-firmware-iwlwifi-20220509-150400.4.22.1 updated - kernel-firmware-intel-20220509-150400.4.22.1 updated - kernel-firmware-i915-20220509-150400.4.22.1 updated - 
kernel-firmware-chelsio-20220509-150400.4.22.1 updated - kernel-firmware-bnx2-20220509-150400.4.22.1 updated - NetworkManager-1.38.2-150400.3.3.1 updated - libcontainers-common-20230214-150400.3.5.2 added - libisofs6-1.5.6-150400.2.1 added - mtools-4.0.35-150400.1.11 added - runc-1.1.4-150000.36.1 added - slirp4netns-0.4.7-150100.3.18.1 added - cni-0.7.1-150100.3.8.1 added - cni-plugins-0.8.6-150100.3.11.1 added - fuse-overlayfs-1.1.2-3.9.1 added - libisoburn1-1.5.6-150400.1.1 added - podman-4.3.1-150400.4.11.1 added - xorriso-1.5.6-150400.1.1 added - elemental-cli-0.11.1-150400.2.1 updated - elemental-init-setup-0.11.1-150400.1.1 updated - elemental-init-services-0.11.1-150400.1.1 updated - elemental-init-recovery-0.11.1-150400.1.1 updated - elemental-init-network-0.11.1-150400.1.1 updated - elemental-init-live-0.11.1-150400.1.1 updated - elemental-init-boot-assessment-0.11.1-150400.1.1 updated - elemental-init-config-0.11.1-150400.1.1 updated - elemental-toolkit-0.11.1-150400.1.1 updated - elemental-1.2.2-150400.1.1 updated - k9s-0.27.4-150400.2.1 updated - container:suse-sle-micro-rancher-5.4-latest-- added - container:suse-sle-micro-rancher-5.3-latest-- removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed From sle-updates at lists.suse.com Fri Oct 20 10:10:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:10:02 +0200 (CEST) Subject: SUSE-CU-2023:3477-1: Security update of rancher/elemental-operator Message-ID: <20231020101002.453A1F417@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3477-1 Container Tags : rancher/elemental-operator:1.3.4 , rancher/elemental-operator:1.3.4-3.2.1 , rancher/elemental-operator:latest Container Release : 3.2.1 Severity : critical Type : security References : 1089497 1105435 1114407 1124223 1125410 1126377 1131060 
1131686 1174673 1177864 1181994 1186606 1188006 1190858 1194038 1194609 1194900 1199079 1202868 1204690 1206212 1206622 1206627 1208194 1208721 1209229 1209741 1210702 1210999 1211576 1211828 1212434 1213185 1213189 1213237 1213487 1213517 1213575 1213853 1213873 1214054 1214248 CVE-2018-1000654 CVE-2019-3880 CVE-2021-46848 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817
-----------------------------------------------------------------

The container rancher/elemental-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2148-1
Released: Thu Aug 6 13:36:17 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1174673

This update for ca-certificates-mozilla fixes the following issues:

Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)

Removed CAs:

* AddTrust External CA Root
* AddTrust Class 1 CA Root
* LuxTrust Global Root 2
* Staat der Nederlanden Root CA - G2
* Symantec Class 1 Public Primary Certification Authority - G4
* Symantec Class 2 Public Primary Certification Authority - G4
* VeriSign Class 3 Public Primary Certification Authority - G3

Added CAs:

* certSIGN Root CA G2
* e-Szigno Root CA 2017
* Microsoft ECC Root Certificate Authority 2017
* Microsoft RSA Root Certificate Authority 2017

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released: Wed Nov 4 15:37:05 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1177864

This update for ca-certificates-mozilla fixes the following issues:

The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)

- Removed CAs:
  - EE Certification Centre Root CA
  - Taiwan GRCA
- Added CAs:
  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released: Fri Oct 1 10:34:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1190858

This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released: Tue Oct 12 14:30:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References:

This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

- Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
- Removed:
  - Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

- Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
- Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

- Added:
  - HARICA Client ECC Root CA 2021
  - HARICA Client RSA Root CA 2021
  - HARICA TLS ECC Root CA 2021
  - HARICA TLS RSA Root CA 2021
  - TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CAs:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484

This update for perl fixes the following issues:

- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828

This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001

This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497

This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3285-1
Released: Fri Aug 11 10:30:38 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1206627,1213189

This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3286-1
Released: Fri Aug 11 10:32:03 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1194900

This update for util-linux fixes the following issues:

- Fix blkid for floppy drives (bsc#1194900)
- Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3363-1
Released: Fri Aug 18 14:54:16 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

The following package changes have been done:

- glibc-2.31-150300.52.2 updated
- perl-base-5.26.1-150300.17.14.1 updated
- libuuid1-2.37.2-150400.8.20.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libsmartcols1-2.37.2-150400.8.20.1 updated
- libblkid1-2.37.2-150400.8.20.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libfdisk1-2.37.2-150400.8.20.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libmount1-2.37.2-150400.8.20.1 updated
- krb5-1.19.2-150400.3.6.1 updated
- login_defs-4.8.1-150400.10.9.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- shadow-4.8.1-150400.10.9.1 updated
- util-linux-2.37.2-150400.8.20.1 updated
- libtasn1-6-4.13-150000.4.8.1 added
- libtasn1-4.13-150000.4.8.1 added
- crypto-policies-20210917.c9d86d1-150400.3.3.1 added
- openssl-1_1-1.1.1l-150400.7.53.1 added
- p11-kit-0.23.22-150400.1.10 added
- p11-kit-tools-0.23.22-150400.1.10 added
- ca-certificates-2+git20210309.21162a6-2.1 added
- ca-certificates-mozilla-2.62-150200.30.1 added

From sle-updates at lists.suse.com Fri Oct 20 10:10:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2023 12:10:05 +0200 (CEST)
Subject: SUSE-CU-2023:3479-1: Security update of rancher/seedimage-builder
Message-ID: <20231020101005.15EE8F417@maintenance.suse.de>

SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3479-1
Container Tags : rancher/seedimage-builder:1.3.4 , rancher/seedimage-builder:1.3.4-3.2.1 , rancher/seedimage-builder:latest
Container Release : 3.2.1
Severity : important
Type : security
References : 1089497 1186606 1194038 1194609 1194900 1206627 1208194 1208721 1209229 1209741 1210702 1210999 1211576 1211828 1212434 1213185 1213189 1213237 1213487 1213517 1213575 1213853 1213873 1214054 1214248 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484

This update for perl fixes the following issues:

- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828

This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001

This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497

This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3285-1
Released: Fri Aug 11 10:30:38 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1206627,1213189

This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3286-1
Released: Fri Aug 11 10:32:03 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1194900

This update for util-linux fixes the following issues:

- Fix blkid for floppy drives (bsc#1194900)
- Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3363-1
Released: Fri Aug 18 14:54:16 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

The following package changes have been done:

- glibc-2.31-150300.52.2 updated
- perl-base-5.26.1-150300.17.14.1 updated
- libuuid1-2.37.2-150400.8.20.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libsmartcols1-2.37.2-150400.8.20.1 updated
- libblkid1-2.37.2-150400.8.20.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libfdisk1-2.37.2-150400.8.20.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libmount1-2.37.2-150400.8.20.1 updated
- krb5-1.19.2-150400.3.6.1 updated
- login_defs-4.8.1-150400.10.9.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- shadow-4.8.1-150400.10.9.1 updated
- util-linux-2.37.2-150400.8.20.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- curl-8.0.1-150400.5.26.1 updated
- openssl-1_1-1.1.1l-150400.7.53.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated

From sle-updates at lists.suse.com Fri Oct 20 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2023 12:30:04 -0000
Subject: SUSE-RU-2023:4144-1: moderate: Recommended update for NetworkManager
Message-ID: <169780500406.28145.11070973100762672530@smelt2.prg2.suse.org>

# Recommended update for NetworkManager

Announcement ID: SUSE-RU-2023:4144-1
Rating: moderate
References:

* bsc#1215003

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that has one fix can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

* The typelib-1_0-NM package is shipped to the Server product instead of just the Workstation Extension, to allow use of firewalld from PackageHub. (bsc#1215003)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4144=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4144=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4144=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4144=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4144=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-debuginfo-1.0.12-13.14.1
  * NetworkManager-1.0.12-13.14.1
  * NetworkManager-debugsource-1.0.12-13.14.1
  * NetworkManager-devel-1.0.12-13.14.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libnm-glib-vpn1-debuginfo-1.0.12-13.14.1
  * libnm-util2-1.0.12-13.14.1
  * libnm-util2-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NMClient-1_0-1.0.12-13.14.1
  * libnm-glib4-1.0.12-13.14.1
  * NetworkManager-debugsource-1.0.12-13.14.1
  * libnm-glib4-debuginfo-1.0.12-13.14.1
  * libnm0-debuginfo-1.0.12-13.14.1
  * libnm0-1.0.12-13.14.1
  * NetworkManager-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NM-1_0-1.0.12-13.14.1
  * typelib-1_0-NetworkManager-1_0-1.0.12-13.14.1
  * libnm-glib-vpn1-1.0.12-13.14.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libnm-glib-vpn1-debuginfo-1.0.12-13.14.1
  * libnm-util2-1.0.12-13.14.1
  * libnm-util2-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NMClient-1_0-1.0.12-13.14.1
  * libnm-glib4-1.0.12-13.14.1
  * NetworkManager-debugsource-1.0.12-13.14.1
  * libnm-glib4-debuginfo-1.0.12-13.14.1
  * libnm0-debuginfo-1.0.12-13.14.1
  * libnm0-1.0.12-13.14.1
  * NetworkManager-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NM-1_0-1.0.12-13.14.1
  * typelib-1_0-NetworkManager-1_0-1.0.12-13.14.1
  * libnm-glib-vpn1-1.0.12-13.14.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libnm-glib-vpn1-debuginfo-1.0.12-13.14.1
  * libnm-util2-1.0.12-13.14.1
  * libnm-util2-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NMClient-1_0-1.0.12-13.14.1
  * libnm-glib4-1.0.12-13.14.1
  * NetworkManager-debugsource-1.0.12-13.14.1
  * libnm-glib4-debuginfo-1.0.12-13.14.1
  * libnm0-debuginfo-1.0.12-13.14.1
  * libnm0-1.0.12-13.14.1
  * NetworkManager-debuginfo-1.0.12-13.14.1
  * typelib-1_0-NM-1_0-1.0.12-13.14.1
  * typelib-1_0-NetworkManager-1_0-1.0.12-13.14.1
  * libnm-glib-vpn1-1.0.12-13.14.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * NetworkManager-debuginfo-1.0.12-13.14.1
  * NetworkManager-1.0.12-13.14.1
  * NetworkManager-debugsource-1.0.12-13.14.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  * NetworkManager-lang-1.0.12-13.14.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215003

From sle-updates at lists.suse.com Fri Oct 20 12:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2023 12:30:07 -0000
Subject: SUSE-RU-2023:4143-1: moderate: Recommended update for brltty, harfbuzz, libcdr, libmspub, libreoffice, libzmf, tepl, vte
Message-ID: <169780500705.28145.2654977072780004308@smelt2.prg2.suse.org>

# Recommended update for brltty, harfbuzz, libcdr, libmspub, libreoffice, libzmf, tepl, vte

Announcement ID: SUSE-RU-2023:4143-1
Rating: moderate
References:

* jsc#PED-6193

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that contains one feature can now be installed.

## Description:

This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4143=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4143=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4143=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4143=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4143=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4143=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4143=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4143=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4143=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4143=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4143=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4143=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4143=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4143=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4143=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * libvte-2_91-0-0.66.2-150400.3.2.1
  * libharfbuzz-icu0-3.4.0-150400.3.8.1
  * vte-debugsource-0.66.2-150400.3.2.1
  * python3-brlapi-6.4-150400.4.5.1
  * brlapi-devel-6.4-150400.4.5.1
  * vte-debuginfo-0.66.2-150400.3.2.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * brltty-debuginfo-6.4-150400.4.5.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-subset0-3.4.0-150400.3.8.1
  * harfbuzz-devel-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-icu0-debuginfo-3.4.0-150400.3.8.1
  * libbrlapi0_8-debuginfo-6.4-150400.4.5.1
  * libvte-2_91-0-debuginfo-0.66.2-150400.3.2.1
  * libharfbuzz-subset0-debuginfo-3.4.0-150400.3.8.1
  * brltty-debugsource-6.4-150400.4.5.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
  * python3-brlapi-debuginfo-6.4-150400.4.5.1
  * typelib-1_0-Vte-2.91-0.66.2-150400.3.2.1
  * libbrlapi0_8-6.4-150400.4.5.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
* Basesystem Module 15-SP4 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* Basesystem Module 15-SP4 (x86_64)
  * libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.8.1
  * libharfbuzz0-32bit-3.4.0-150400.3.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libharfbuzz0-3.4.0-150400.3.8.1
  * libvte-2_91-0-0.66.2-150400.3.2.1
  * libharfbuzz-icu0-3.4.0-150400.3.8.1
  * vte-debugsource-0.66.2-150400.3.2.1
  * python3-brlapi-6.4-150400.4.5.1
  * brlapi-devel-6.4-150400.4.5.1
  * vte-debuginfo-0.66.2-150400.3.2.1
  * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1
  * brltty-debuginfo-6.4-150400.4.5.1
  * harfbuzz-debugsource-3.4.0-150400.3.8.1
  * libharfbuzz-subset0-3.4.0-150400.3.8.1
  * harfbuzz-devel-3.4.0-150400.3.8.1
  * libharfbuzz-gobject0-3.4.0-150400.3.8.1
  * libharfbuzz-icu0-debuginfo-3.4.0-150400.3.8.1
  * libbrlapi0_8-debuginfo-6.4-150400.4.5.1
  * libvte-2_91-0-debuginfo-0.66.2-150400.3.2.1
  * libharfbuzz-subset0-debuginfo-3.4.0-150400.3.8.1
  * brltty-debugsource-6.4-150400.4.5.1
  * libharfbuzz0-debuginfo-3.4.0-150400.3.8.1
  * python3-brlapi-debuginfo-6.4-150400.4.5.1
  * typelib-1_0-Vte-2.91-0.66.2-150400.3.2.1
  * libbrlapi0_8-6.4-150400.4.5.1
  * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.8.1
* Basesystem Module 15-SP5 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* Basesystem Module 15-SP5 (x86_64)
  * libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.8.1
  * libharfbuzz0-32bit-3.4.0-150400.3.8.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * brltty-debuginfo-6.4-150400.4.5.1
  * libtepl-6-0-debuginfo-6.00.0-150400.3.2.1
  * typelib-1_0-Tepl-6-6.00.0-150400.3.2.1
  * brltty-driver-speech-dispatcher-6.4-150400.4.5.1
  * vte-debugsource-0.66.2-150400.3.2.1
  * tepl-debugsource-6.00.0-150400.3.2.1
  * vte-devel-0.66.2-150400.3.2.1
  * brltty-driver-brlapi-debuginfo-6.4-150400.4.5.1
  * brltty-driver-at-spi2-6.4-150400.4.5.1
  * brltty-debugsource-6.4-150400.4.5.1
  * libtepl-6-0-6.00.0-150400.3.2.1
  * tepl-devel-6.00.0-150400.3.2.1
  * vte-debuginfo-0.66.2-150400.3.2.1
  * brltty-driver-brlapi-6.4-150400.4.5.1
  * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.5.1
  * brltty-driver-at-spi2-debuginfo-6.4-150400.4.5.1
  * brltty-6.4-150400.4.5.1
* Desktop Applications Module 15-SP4 (noarch)
  * vte-lang-0.66.2-150400.3.2.1
  * brltty-lang-6.4-150400.4.5.1
  * system-user-brltty-6.4-150400.4.5.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * brltty-debuginfo-6.4-150400.4.5.1
  * libtepl-6-0-debuginfo-6.00.0-150400.3.2.1
  * typelib-1_0-Tepl-6-6.00.0-150400.3.2.1
  * brltty-driver-speech-dispatcher-6.4-150400.4.5.1
  * vte-debugsource-0.66.2-150400.3.2.1
  * tepl-debugsource-6.00.0-150400.3.2.1
  * vte-devel-0.66.2-150400.3.2.1
  * brltty-driver-brlapi-debuginfo-6.4-150400.4.5.1
  * brltty-driver-at-spi2-6.4-150400.4.5.1
  * brltty-debugsource-6.4-150400.4.5.1
  * libtepl-6-0-6.00.0-150400.3.2.1
  * tepl-devel-6.00.0-150400.3.2.1
  * vte-debuginfo-0.66.2-150400.3.2.1
  * brltty-driver-brlapi-6.4-150400.4.5.1
  * brltty-driver-speech-dispatcher-debuginfo-6.4-150400.4.5.1
  * brltty-driver-at-spi2-debuginfo-6.4-150400.4.5.1
  * brltty-6.4-150400.4.5.1
* Desktop Applications Module 15-SP5 (noarch)
  * vte-lang-0.66.2-150400.3.2.1
  * brltty-lang-6.4-150400.4.5.1
  * system-user-brltty-6.4-150400.4.5.1
* Development Tools Module 15-SP4 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* Development Tools Module 15-SP5 (noarch)
  * system-user-brltty-6.4-150400.4.5.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
  * freerdp-debuginfo-2.4.0-150400.3.20.1
  * libcdr-devel-0.1.4-150200.9.6.1
  * freerdp-debugsource-2.4.0-150400.3.20.1
  * libzmf-debuginfo-0.0.2-150200.9.2.1
  * libmspub-devel-0.1.4-150200.9.2.1
  * libmspub-0_1-1-debuginfo-0.1.4-150200.9.2.1
  * libzmf-0_0-0-debuginfo-0.0.2-150200.9.2.1
  * libcdr-0_1-1-debuginfo-0.1.4-150200.9.6.1
  * freerdp-devel-2.4.0-150400.3.20.1
  * libmspub-debuginfo-0.1.4-150200.9.2.1
  * libmspub-tools-debuginfo-0.1.4-150200.9.2.1
  * libmspub-tools-0.1.4-150200.9.2.1
  * libmspub-0_1-1-0.1.4-150200.9.2.1
  * freerdp-2.4.0-150400.3.20.1
  * libwinpr2-2.4.0-150400.3.20.1
  * libzmf-tools-0.0.2-150200.9.2.1
  * libzmf-debugsource-0.0.2-150200.9.2.1
  * libwinpr2-debuginfo-2.4.0-150400.3.20.1
  * libmspub-debugsource-0.1.4-150200.9.2.1
  * libcdr-debuginfo-0.1.4-150200.9.6.1
  * libzmf-tools-debuginfo-0.0.2-150200.9.2.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.20.1
  * libcdr-tools-debuginfo-0.1.4-150200.9.6.1
  * freerdp-proxy-2.4.0-150400.3.20.1
  * libfreerdp2-2.4.0-150400.3.20.1
  * libzmf-devel-0.0.2-150200.9.2.1
  * libcdr-0_1-1-0.1.4-150200.9.6.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.20.1
  * libzmf-0_0-0-0.0.2-150200.9.2.1
  * libcdr-tools-0.1.4-150200.9.6.1
  * libcdr-debugsource-0.1.4-150200.9.6.1
  * winpr2-devel-2.4.0-150400.3.20.1
* SUSE Package Hub 15 15-SP4 (noarch)
  * libreoffice-l10n-en-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-nb-7.5.4.1-150400.17.14.1
  * libzmf-devel-doc-0.0.2-150200.9.2.1
  * libreoffice-l10n-hu-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-lo-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ar-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ko-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ve-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-gl-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-he-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-mni-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sv-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-da-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-cs-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-en_GB-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ss-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-hr-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-id-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ml-7.5.4.1-150400.17.14.1
  * libreoffice-icon-themes-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ga-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ks-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-el-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-tn-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-fi-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-fr-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-my-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-dz-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-as-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sat-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ca-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-gu-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-eo-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sq-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ro-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-tr-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-mr-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-es-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-rw-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-te-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-mai-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.14.1
  * libmspub-devel-doc-0.1.4-150200.9.2.1
  * libreoffice-l10n-oc-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-th-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-mn-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ug-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-km-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-bn-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-mk-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-pa-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-fur-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-bo-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-kok-7.5.4.1-150400.17.14.1
  * libreoffice-glade-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-kab-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-vi-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-lv-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-br-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-dsb-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-vec-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-szl-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ta-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sk-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sid-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-nl-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-st-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-be-7.5.4.1-150400.17.14.1
  * libcdr-devel-doc-0.1.4-150200.9.6.1
  * libreoffice-l10n-tg-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ja-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-si-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sl-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-tt-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-kn-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-nso-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-dgo-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-om-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-eu-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-pl-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ts-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-am-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ckb-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-nn-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-hi-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-de-7.5.4.1-150400.17.14.1
  * libreoffice-branding-upstream-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-fy-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-sd-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-kk-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-brx-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-uz-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-bs-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-is-7.5.4.1-150400.17.14.1
  * libreoffice-l10n-ru-7.5.4.1-150400.17.14.1
  * 
libreoffice-l10n-gug-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hsb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bg-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ast-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ne-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cy-7.5.4.1-150400.17.14.1 * libreoffice-l10n-it-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gd-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ka-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zu-7.5.4.1-150400.17.14.1 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-af-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-et-7.5.4.1-150400.17.14.1 * libreoffice-l10n-uk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-xh-7.5.4.1-150400.17.14.1 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lt-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-or-7.5.4.1-150400.17.14.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le) * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-mailmerge-7.5.4.1-150400.17.14.1 * libreoffice-officebean-7.5.4.1-150400.17.14.1 * libreofficekit-7.5.4.1-150400.17.14.1 * libreoffice-draw-7.5.4.1-150400.17.14.1 * libreoffice-impress-7.5.4.1-150400.17.14.1 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-7.5.4.1-150400.17.14.1 * libreoffice-writer-extensions-7.5.4.1-150400.17.14.1 * libreoffice-base-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-7.5.4.1-150400.17.14.1 * libreoffice-librelogo-7.5.4.1-150400.17.14.1 * libreoffice-gnome-7.5.4.1-150400.17.14.1 * libreofficekit-devel-7.5.4.1-150400.17.14.1 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.14.1 * 
libreoffice-qt5-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-7.5.4.1-150400.17.14.1 * libreoffice-7.5.4.1-150400.17.14.1 * libreoffice-base-7.5.4.1-150400.17.14.1 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-filters-optional-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-calc-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-debugsource-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-writer-7.5.4.1-150400.17.14.1 * libreoffice-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-calc-extensions-7.5.4.1-150400.17.14.1 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-doc-7.5.4.1-150400.17.14.1 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-7.5.4.1-150400.17.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * freerdp-debuginfo-2.4.0-150400.3.20.1 * libcdr-devel-0.1.4-150200.9.6.1 * freerdp-debugsource-2.4.0-150400.3.20.1 * libzmf-debuginfo-0.0.2-150200.9.2.1 * freerdp-wayland-debuginfo-2.4.0-150400.3.20.1 * libmspub-devel-0.1.4-150200.9.2.1 * libmspub-0_1-1-debuginfo-0.1.4-150200.9.2.1 * libzmf-0_0-0-debuginfo-0.0.2-150200.9.2.1 * libcdr-0_1-1-debuginfo-0.1.4-150200.9.6.1 * freerdp-devel-2.4.0-150400.3.20.1 * libmspub-debuginfo-0.1.4-150200.9.2.1 * freerdp-wayland-2.4.0-150400.3.20.1 * libmspub-tools-debuginfo-0.1.4-150200.9.2.1 * libmspub-tools-0.1.4-150200.9.2.1 * libmspub-0_1-1-0.1.4-150200.9.2.1 * freerdp-2.4.0-150400.3.20.1 * libwinpr2-2.4.0-150400.3.20.1 * libzmf-tools-0.0.2-150200.9.2.1 * libzmf-debugsource-0.0.2-150200.9.2.1 * uwac0-0-devel-2.4.0-150400.3.20.1 * libwinpr2-debuginfo-2.4.0-150400.3.20.1 * winpr2-devel-2.4.0-150400.3.20.1 * libmspub-debugsource-0.1.4-150200.9.2.1 * 
libcdr-debuginfo-0.1.4-150200.9.6.1 * libuwac0-0-debuginfo-2.4.0-150400.3.20.1 * libzmf-tools-debuginfo-0.0.2-150200.9.2.1 * libfreerdp2-debuginfo-2.4.0-150400.3.20.1 * libcdr-tools-debuginfo-0.1.4-150200.9.6.1 * freerdp-proxy-2.4.0-150400.3.20.1 * freerdp-server-2.4.0-150400.3.20.1 * libfreerdp2-2.4.0-150400.3.20.1 * libzmf-devel-0.0.2-150200.9.2.1 * libcdr-0_1-1-0.1.4-150200.9.6.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.20.1 * libzmf-0_0-0-0.0.2-150200.9.2.1 * libcdr-tools-0.1.4-150200.9.6.1 * libuwac0-0-2.4.0-150400.3.20.1 * libcdr-debugsource-0.1.4-150200.9.6.1 * freerdp-server-debuginfo-2.4.0-150400.3.20.1 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-en-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nb-7.5.4.1-150400.17.14.1 * libzmf-devel-doc-0.0.2-150200.9.2.1 * libreoffice-l10n-hu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ar-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ko-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ve-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-he-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mni-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-da-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cs-7.5.4.1-150400.17.14.1 * libreoffice-l10n-en_GB-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ss-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-id-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ml-7.5.4.1-150400.17.14.1 * libreoffice-icon-themes-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ga-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ks-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.14.1 * libreoffice-l10n-el-7.5.4.1-150400.17.14.1 * libreoffice-l10n-tn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-my-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-dz-7.5.4.1-150400.17.14.1 * libreoffice-l10n-as-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sat-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ca-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sq-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ro-7.5.4.1-150400.17.14.1 * libreoffice-l10n-tr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-es-7.5.4.1-150400.17.14.1 * libreoffice-l10n-rw-7.5.4.1-150400.17.14.1 * libreoffice-l10n-te-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mai-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.14.1 * libmspub-devel-doc-0.1.4-150200.9.2.1 * libreoffice-l10n-oc-7.5.4.1-150400.17.14.1 * libreoffice-l10n-th-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ug-7.5.4.1-150400.17.14.1 * libreoffice-l10n-km-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fur-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kok-7.5.4.1-150400.17.14.1 * libreoffice-glade-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kab-7.5.4.1-150400.17.14.1 * libreoffice-l10n-vi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-br-7.5.4.1-150400.17.14.1 * libreoffice-l10n-dsb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-vec-7.5.4.1-150400.17.14.1 * libreoffice-l10n-szl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ta-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sid-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-st-7.5.4.1-150400.17.14.1 * libreoffice-l10n-be-7.5.4.1-150400.17.14.1 * libcdr-devel-doc-0.1.4-150200.9.6.1 * 
libreoffice-l10n-tg-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ja-7.5.4.1-150400.17.14.1 * libreoffice-l10n-si-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-tt-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nso-7.5.4.1-150400.17.14.1 * libreoffice-l10n-dgo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-om-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ts-7.5.4.1-150400.17.14.1 * libreoffice-l10n-am-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ckb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-de-7.5.4.1-150400.17.14.1 * libreoffice-branding-upstream-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fy-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sd-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-brx-7.5.4.1-150400.17.14.1 * libreoffice-l10n-uz-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bs-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.14.1 * libreoffice-l10n-is-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ru-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gug-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hsb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bg-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ast-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ne-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cy-7.5.4.1-150400.17.14.1 * libreoffice-l10n-it-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gd-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ka-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zu-7.5.4.1-150400.17.14.1 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sr-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-af-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-et-7.5.4.1-150400.17.14.1 * libreoffice-l10n-uk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-xh-7.5.4.1-150400.17.14.1 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lt-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-or-7.5.4.1-150400.17.14.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-mailmerge-7.5.4.1-150400.17.14.1 * libreoffice-officebean-7.5.4.1-150400.17.14.1 * libreofficekit-7.5.4.1-150400.17.14.1 * libreoffice-draw-7.5.4.1-150400.17.14.1 * libreoffice-impress-7.5.4.1-150400.17.14.1 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-7.5.4.1-150400.17.14.1 * libreoffice-writer-extensions-7.5.4.1-150400.17.14.1 * libreoffice-base-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-7.5.4.1-150400.17.14.1 * libreoffice-librelogo-7.5.4.1-150400.17.14.1 * libreoffice-gnome-7.5.4.1-150400.17.14.1 * libreofficekit-devel-7.5.4.1-150400.17.14.1 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-qt5-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-7.5.4.1-150400.17.14.1 * libreoffice-7.5.4.1-150400.17.14.1 * libreoffice-base-7.5.4.1-150400.17.14.1 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-filters-optional-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-calc-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-debugsource-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-writer-7.5.4.1-150400.17.14.1 * libreoffice-debuginfo-7.5.4.1-150400.17.14.1 * 
libreoffice-calc-extensions-7.5.4.1-150400.17.14.1 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-sdk-doc-7.5.4.1-150400.17.14.1 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-7.5.4.1-150400.17.14.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-mailmerge-7.5.4.1-150400.17.14.1 * freerdp-debuginfo-2.4.0-150400.3.20.1 * libcdr-devel-0.1.4-150200.9.6.1 * libreoffice-officebean-7.5.4.1-150400.17.14.1 * freerdp-debugsource-2.4.0-150400.3.20.1 * libreofficekit-7.5.4.1-150400.17.14.1 * libreoffice-draw-7.5.4.1-150400.17.14.1 * libreoffice-impress-7.5.4.1-150400.17.14.1 * libzmf-debuginfo-0.0.2-150200.9.2.1 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.14.1 * libmspub-devel-0.1.4-150200.9.2.1 * libreoffice-math-7.5.4.1-150400.17.14.1 * libreoffice-writer-extensions-7.5.4.1-150400.17.14.1 * libmspub-0_1-1-debuginfo-0.1.4-150200.9.2.1 * libreoffice-base-debuginfo-7.5.4.1-150400.17.14.1 * libcdr-0_1-1-debuginfo-0.1.4-150200.9.6.1 * libzmf-0_0-0-debuginfo-0.0.2-150200.9.2.1 * freerdp-devel-2.4.0-150400.3.20.1 * libreoffice-gnome-7.5.4.1-150400.17.14.1 * libmspub-debuginfo-0.1.4-150200.9.2.1 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-7.5.4.1-150400.17.14.1 * libmspub-0_1-1-0.1.4-150200.9.2.1 * freerdp-2.4.0-150400.3.20.1 * libwinpr2-2.4.0-150400.3.20.1 * libreoffice-7.5.4.1-150400.17.14.1 * libzmf-debugsource-0.0.2-150200.9.2.1 * libreoffice-base-7.5.4.1-150400.17.14.1 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-debuginfo-7.5.4.1-150400.17.14.1 * libwinpr2-debuginfo-2.4.0-150400.3.20.1 * libreoffice-filters-optional-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.14.1 * libmspub-debugsource-0.1.4-150200.9.2.1 * libreoffice-calc-7.5.4.1-150400.17.14.1 * 
libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.14.1 * libcdr-debuginfo-0.1.4-150200.9.6.1 * libreoffice-debugsource-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-writer-7.5.4.1-150400.17.14.1 * libfreerdp2-debuginfo-2.4.0-150400.3.20.1 * libreoffice-debuginfo-7.5.4.1-150400.17.14.1 * freerdp-proxy-2.4.0-150400.3.20.1 * libreoffice-calc-extensions-7.5.4.1-150400.17.14.1 * libfreerdp2-2.4.0-150400.3.20.1 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.14.1 * libzmf-devel-0.0.2-150200.9.2.1 * libcdr-0_1-1-0.1.4-150200.9.6.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.20.1 * libzmf-0_0-0-0.0.2-150200.9.2.1 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-7.5.4.1-150400.17.14.1 * libcdr-debugsource-0.1.4-150200.9.6.1 * winpr2-devel-2.4.0-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * libreoffice-l10n-en-7.5.4.1-150400.17.14.1 * libreoffice-l10n-te-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mai-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nso-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ar-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ko-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ve-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-he-7.5.4.1-150400.17.14.1 * libreoffice-l10n-th-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-da-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ts-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cs-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ss-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bg-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ckb-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-zh_TW-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fur-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cy-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-it-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ml-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-de-7.5.4.1-150400.17.14.1 * libreoffice-l10n-br-7.5.4.1-150400.17.14.1 * libreoffice-icon-themes-7.5.4.1-150400.17.14.1 * libreoffice-branding-upstream-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ga-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.14.1 * libreoffice-l10n-el-7.5.4.1-150400.17.14.1 * libreoffice-l10n-tn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-af-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-dz-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ta-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-et-7.5.4.1-150400.17.14.1 * libreoffice-l10n-as-7.5.4.1-150400.17.14.1 * libreoffice-l10n-st-7.5.4.1-150400.17.14.1 * libreoffice-l10n-uk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-xh-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ca-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lt-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ja-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ru-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ro-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-tr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-si-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-es-7.5.4.1-150400.17.14.1 * libreoffice-l10n-or-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sl-7.5.4.1-150400.17.14.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-mailmerge-7.5.4.1-150400.17.14.1 * freerdp-debuginfo-2.4.0-150400.3.20.1 * libcdr-devel-0.1.4-150200.9.6.1 * libreoffice-officebean-7.5.4.1-150400.17.14.1 * freerdp-debugsource-2.4.0-150400.3.20.1 * libreofficekit-7.5.4.1-150400.17.14.1 * libreoffice-draw-7.5.4.1-150400.17.14.1 * libreoffice-impress-7.5.4.1-150400.17.14.1 * libzmf-debuginfo-0.0.2-150200.9.2.1 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.14.1 * libmspub-devel-0.1.4-150200.9.2.1 * libreoffice-math-7.5.4.1-150400.17.14.1 * libreoffice-writer-extensions-7.5.4.1-150400.17.14.1 * libmspub-0_1-1-debuginfo-0.1.4-150200.9.2.1 * libreoffice-base-debuginfo-7.5.4.1-150400.17.14.1 * libcdr-0_1-1-debuginfo-0.1.4-150200.9.6.1 * libzmf-0_0-0-debuginfo-0.0.2-150200.9.2.1 * freerdp-devel-2.4.0-150400.3.20.1 * libreoffice-gnome-7.5.4.1-150400.17.14.1 * libmspub-debuginfo-0.1.4-150200.9.2.1 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.14.1 * libreoffice-gtk3-7.5.4.1-150400.17.14.1 * libmspub-0_1-1-0.1.4-150200.9.2.1 * freerdp-2.4.0-150400.3.20.1 * libwinpr2-2.4.0-150400.3.20.1 * libreoffice-7.5.4.1-150400.17.14.1 * libzmf-debugsource-0.0.2-150200.9.2.1 * libreoffice-base-7.5.4.1-150400.17.14.1 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-math-debuginfo-7.5.4.1-150400.17.14.1 * libwinpr2-debuginfo-2.4.0-150400.3.20.1 * libreoffice-filters-optional-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.14.1 * libmspub-debugsource-0.1.4-150200.9.2.1 * libreoffice-calc-7.5.4.1-150400.17.14.1 * 
libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.14.1 * libcdr-debuginfo-0.1.4-150200.9.6.1 * libreoffice-debugsource-7.5.4.1-150400.17.14.1 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-writer-7.5.4.1-150400.17.14.1 * libfreerdp2-debuginfo-2.4.0-150400.3.20.1 * libreoffice-debuginfo-7.5.4.1-150400.17.14.1 * freerdp-proxy-2.4.0-150400.3.20.1 * libreoffice-calc-extensions-7.5.4.1-150400.17.14.1 * libfreerdp2-2.4.0-150400.3.20.1 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.14.1 * libzmf-devel-0.0.2-150200.9.2.1 * libcdr-0_1-1-0.1.4-150200.9.6.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.20.1 * libzmf-0_0-0-0.0.2-150200.9.2.1 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.14.1 * libreoffice-pyuno-7.5.4.1-150400.17.14.1 * libcdr-debugsource-0.1.4-150200.9.6.1 * winpr2-devel-2.4.0-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libreoffice-l10n-en-7.5.4.1-150400.17.14.1 * libreoffice-l10n-te-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-mai-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nso-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nb-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ar-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ko-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ve-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-he-7.5.4.1-150400.17.14.1 * libreoffice-l10n-th-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-da-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ts-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cs-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ss-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bg-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ckb-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-zh_TW-7.5.4.1-150400.17.14.1 * libreoffice-l10n-bn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pa-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fur-7.5.4.1-150400.17.14.1 * libreoffice-l10n-cy-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.14.1 * libreoffice-l10n-hi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-it-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ml-7.5.4.1-150400.17.14.1 * libreoffice-l10n-zu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-de-7.5.4.1-150400.17.14.1 * libreoffice-l10n-br-7.5.4.1-150400.17.14.1 * libreoffice-icon-themes-7.5.4.1-150400.17.14.1 * libreoffice-branding-upstream-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lv-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ga-7.5.4.1-150400.17.14.1 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.14.1 * libreoffice-l10n-el-7.5.4.1-150400.17.14.1 * libreoffice-l10n-tn-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fi-7.5.4.1-150400.17.14.1 * libreoffice-l10n-af-7.5.4.1-150400.17.14.1 * libreoffice-l10n-fr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nr-7.5.4.1-150400.17.14.1 * libreoffice-l10n-dz-7.5.4.1-150400.17.14.1 * libreoffice-l10n-kk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-sk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ta-7.5.4.1-150400.17.14.1 * libreoffice-l10n-nl-7.5.4.1-150400.17.14.1 * libreoffice-l10n-et-7.5.4.1-150400.17.14.1 * libreoffice-l10n-as-7.5.4.1-150400.17.14.1 * libreoffice-l10n-st-7.5.4.1-150400.17.14.1 * libreoffice-l10n-uk-7.5.4.1-150400.17.14.1 * libreoffice-l10n-xh-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ca-7.5.4.1-150400.17.14.1 * libreoffice-l10n-gu-7.5.4.1-150400.17.14.1 * libreoffice-l10n-eo-7.5.4.1-150400.17.14.1 * libreoffice-l10n-lt-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ja-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ru-7.5.4.1-150400.17.14.1 * libreoffice-l10n-ro-7.5.4.1-150400.17.14.1 * 
libreoffice-l10n-tr-7.5.4.1-150400.17.14.1
* libreoffice-l10n-si-7.5.4.1-150400.17.14.1
* libreoffice-l10n-mr-7.5.4.1-150400.17.14.1
* libreoffice-l10n-es-7.5.4.1-150400.17.14.1
* libreoffice-l10n-or-7.5.4.1-150400.17.14.1
* libreoffice-l10n-sl-7.5.4.1-150400.17.14.1

## References:

* https://jira.suse.com/browse/PED-6193

From sle-updates at lists.suse.com Fri Oct 20 12:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Oct 2023 12:30:14 -0000
Subject: SUSE-SU-2023:4142-1: important: Security update for the Linux Kernel
Message-ID: <169780501441.28145.1443024623146549633@smelt2.prg2.suse.org>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4142-1
Rating: important

References:

* bsc#1176588
* bsc#1202845
* bsc#1207270
* bsc#1208995
* bsc#1210169
* bsc#1210643
* bsc#1210658
* bsc#1212703
* bsc#1213812
* bsc#1214233
* bsc#1214351
* bsc#1214380
* bsc#1214386
* bsc#1215115
* bsc#1215117
* bsc#1215150
* bsc#1215221
* bsc#1215275
* bsc#1215299
* bsc#1215322
* bsc#1215356

Cross-References:

* CVE-2020-36766
* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-2177
* CVE-2023-4004
* CVE-2023-40283
* CVE-2023-42753
* CVE-2023-4389
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921

CVSS scores:

* CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( NVD ): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves 13 vulnerabilities and has eight security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
* CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
* CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

* bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
* x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate") (bsc#1215356). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4142=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4142=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4142=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.144.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debugsource-5.3.18-150300.144.1 * kernel-rt-debuginfo-5.3.18-150300.144.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.144.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.144.1 * kernel-rt-debuginfo-5.3.18-150300.144.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.144.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.144.1 * kernel-rt-debuginfo-5.3.18-150300.144.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36766.html * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-4004.html * 
https://www.suse.com/security/cve/CVE-2023-40283.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://bugzilla.suse.com/show_bug.cgi?id=1176588 * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1208995 * https://bugzilla.suse.com/show_bug.cgi?id=1210169 * https://bugzilla.suse.com/show_bug.cgi?id=1210643 * https://bugzilla.suse.com/show_bug.cgi?id=1210658 * https://bugzilla.suse.com/show_bug.cgi?id=1212703 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1214233 * https://bugzilla.suse.com/show_bug.cgi?id=1214351 * https://bugzilla.suse.com/show_bug.cgi?id=1214380 * https://bugzilla.suse.com/show_bug.cgi?id=1214386 * https://bugzilla.suse.com/show_bug.cgi?id=1215115 * https://bugzilla.suse.com/show_bug.cgi?id=1215117 * https://bugzilla.suse.com/show_bug.cgi?id=1215150 * https://bugzilla.suse.com/show_bug.cgi?id=1215221 * https://bugzilla.suse.com/show_bug.cgi?id=1215275 * https://bugzilla.suse.com/show_bug.cgi?id=1215299 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215356 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 20 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:30:18 -0000 Subject: SUSE-SU-2023:4141-1: important: Security update for grub2 Message-ID: <169780501825.28145.1013533761853721986@smelt2.prg2.suse.org> # Security update for grub2 Announcement ID: SUSE-SU-2023:4141-1 Rating: important References: * bsc#1201300 * bsc#1215935 * bsc#1215936 Cross-References: * CVE-2023-4692 * CVE-2023-4693 CVSS scores: * CVE-2023-4692 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4141=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4141=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4141=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * grub2-2.06-150500.29.8.1 * grub2-debugsource-2.06-150500.29.8.1 * grub2-debuginfo-2.06-150500.29.8.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * grub2-i386-pc-2.06-150500.29.8.1 * grub2-arm64-efi-2.06-150500.29.8.1 * grub2-snapper-plugin-2.06-150500.29.8.1 * grub2-x86_64-efi-2.06-150500.29.8.1 * grub2-x86_64-xen-2.06-150500.29.8.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * grub2-s390x-emu-2.06-150500.29.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150500.29.8.1 * grub2-debuginfo-2.06-150500.29.8.1 * Basesystem Module 15-SP5 (noarch) * grub2-i386-pc-2.06-150500.29.8.1 * grub2-arm64-efi-2.06-150500.29.8.1 * grub2-snapper-plugin-2.06-150500.29.8.1 * grub2-powerpc-ieee1275-2.06-150500.29.8.1 * grub2-x86_64-efi-2.06-150500.29.8.1 * grub2-systemd-sleep-plugin-2.06-150500.29.8.1 * Basesystem Module 15-SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150500.29.8.1 * Basesystem Module 15-SP5 (s390x) * grub2-s390x-emu-2.06-150500.29.8.1 * Server Applications Module 15-SP5 (noarch) * grub2-x86_64-xen-2.06-150500.29.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4692.html * https://www.suse.com/security/cve/CVE-2023-4693.html * https://bugzilla.suse.com/show_bug.cgi?id=1201300 * https://bugzilla.suse.com/show_bug.cgi?id=1215935 * https://bugzilla.suse.com/show_bug.cgi?id=1215936 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 20 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:30:21 -0000 Subject: SUSE-SU-2023:4140-1: important: Security update for grub2 Message-ID: <169780502182.28145.8683437478708146861@smelt2.prg2.suse.org> # Security update for grub2 Announcement ID: SUSE-SU-2023:4140-1 Rating: important References: * bsc#1201300 * bsc#1215935 * bsc#1215936 Cross-References: * CVE-2023-4692 * CVE-2023-4693 CVSS scores: * CVE-2023-4692 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4140=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4140=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4140=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4140=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4140=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4140=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4140=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.38.1 * grub2-debugsource-2.06-150400.11.38.1 * grub2-debuginfo-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-snapper-plugin-2.06-150400.11.38.1 * grub2-x86_64-efi-2.06-150400.11.38.1 * grub2-i386-pc-2.06-150400.11.38.1 * grub2-arm64-efi-2.06-150400.11.38.1 * grub2-x86_64-xen-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-2.06-150400.11.38.1 * grub2-debugsource-2.06-150400.11.38.1 * grub2-debuginfo-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-snapper-plugin-2.06-150400.11.38.1 * grub2-x86_64-efi-2.06-150400.11.38.1 * grub2-i386-pc-2.06-150400.11.38.1 * grub2-arm64-efi-2.06-150400.11.38.1 * grub2-x86_64-xen-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.38.1 * grub2-debugsource-2.06-150400.11.38.1 * grub2-debuginfo-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * 
grub2-snapper-plugin-2.06-150400.11.38.1 * grub2-x86_64-efi-2.06-150400.11.38.1 * grub2-i386-pc-2.06-150400.11.38.1 * grub2-arm64-efi-2.06-150400.11.38.1 * grub2-x86_64-xen-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * grub2-2.06-150400.11.38.1 * grub2-debugsource-2.06-150400.11.38.1 * grub2-debuginfo-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * grub2-snapper-plugin-2.06-150400.11.38.1 * grub2-x86_64-efi-2.06-150400.11.38.1 * grub2-i386-pc-2.06-150400.11.38.1 * grub2-arm64-efi-2.06-150400.11.38.1 * grub2-x86_64-xen-2.06-150400.11.38.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.38.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150400.11.38.1 * grub2-debuginfo-2.06-150400.11.38.1 * Basesystem Module 15-SP4 (noarch) * grub2-snapper-plugin-2.06-150400.11.38.1 * grub2-powerpc-ieee1275-2.06-150400.11.38.1 * grub2-x86_64-efi-2.06-150400.11.38.1 * grub2-i386-pc-2.06-150400.11.38.1 * grub2-arm64-efi-2.06-150400.11.38.1 * grub2-systemd-sleep-plugin-2.06-150400.11.38.1 * Basesystem Module 15-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.38.1 * Basesystem Module 15-SP4 (s390x) * grub2-s390x-emu-2.06-150400.11.38.1 * Server Applications Module 15-SP4 (noarch) * grub2-x86_64-xen-2.06-150400.11.38.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * grub2-arm64-efi-2.06-150400.11.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4692.html * https://www.suse.com/security/cve/CVE-2023-4693.html * https://bugzilla.suse.com/show_bug.cgi?id=1201300 * https://bugzilla.suse.com/show_bug.cgi?id=1215935 * https://bugzilla.suse.com/show_bug.cgi?id=1215936 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 20 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 12:30:26 -0000 Subject: SUSE-RU-2023:4139-1: moderate: Recommended update for containerd, runc Message-ID: <169780502640.28145.4011800769300592772@smelt2.prg2.suse.org> # Recommended update for containerd, runc Announcement ID: SUSE-RU-2023:4139-1 Rating: moderate References: * bsc#1215323 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: * https://github.com/containerd/containerd/releases/tag/v1.7.7 * https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 * Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4139=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4139=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4139=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4139=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4139=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4139=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4139=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4139=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4139=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4139=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4139=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4139=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4139=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4139=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4139=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4139=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4139=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4139=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4139=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4139=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4139=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * runc-1.1.9-150000.52.2 * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-debuginfo-1.1.9-150000.52.2 * containerd-devel-1.7.7-150000.100.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * runc-1.1.9-150000.52.2 * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-debuginfo-1.1.9-150000.52.2 * containerd-devel-1.7.7-150000.100.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 
SP3 (aarch64 x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE CaaS Platform 4.0 (x86_64) * containerd-ctr-1.7.7-150000.100.1 * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * 
containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * containerd-1.7.7-150000.100.1 * runc-1.1.9-150000.52.2 * runc-debuginfo-1.1.9-150000.52.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215323 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 20 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:01 -0000 Subject: SUSE-SU-2023:4152-1: important: Security update for java-11-openjdk Message-ID: <169781940183.20698.9886070391307930220@smelt2.prg2.suse.org> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:4152-1 Rating: important References: * bsc#1214790 * bsc#1216374 Cross-References: * CVE-2023-22081 CVSS scores: * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: * Upgraded to JDK 11.0.21+9 (October 2023 CPU): * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/11all-relnotes.html ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4152=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4152=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4152=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-11-openjdk-debuginfo-11.0.21.0-3.69.1 * java-11-openjdk-debugsource-11.0.21.0-3.69.1 * java-11-openjdk-11.0.21.0-3.69.1 * java-11-openjdk-headless-11.0.21.0-3.69.1 * java-11-openjdk-devel-11.0.21.0-3.69.1 * java-11-openjdk-demo-11.0.21.0-3.69.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-debuginfo-11.0.21.0-3.69.1 * java-11-openjdk-debugsource-11.0.21.0-3.69.1 * java-11-openjdk-11.0.21.0-3.69.1 * java-11-openjdk-headless-11.0.21.0-3.69.1 * java-11-openjdk-devel-11.0.21.0-3.69.1 * java-11-openjdk-demo-11.0.21.0-3.69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-11-openjdk-debuginfo-11.0.21.0-3.69.1 * java-11-openjdk-debugsource-11.0.21.0-3.69.1 * java-11-openjdk-11.0.21.0-3.69.1 * java-11-openjdk-headless-11.0.21.0-3.69.1 * java-11-openjdk-devel-11.0.21.0-3.69.1 * java-11-openjdk-demo-11.0.21.0-3.69.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1214790 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 20 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:05 -0000 Subject: SUSE-SU-2023:4150-1: important: Security update for nodejs18 Message-ID: <169781940507.20698.5665932558606649474@smelt2.prg2.suse.org> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4150-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves four vulnerabilities can now be installed. 
## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4150=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs16-16.20.2-8.36.1 * npm16-16.20.2-8.36.1 * nodejs16-debugsource-16.20.2-8.36.1 * nodejs16-devel-16.20.2-8.36.1 * nodejs16-debuginfo-16.20.2-8.36.1 * Web and Scripting Module 12 (noarch) * nodejs16-docs-16.20.2-8.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Fri Oct 20 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:07 -0000 Subject: SUSE-RU-2023:4149-1: moderate: Recommended update for nethogs Message-ID: <169781940703.20698.7661783616836440899@smelt2.prg2.suse.org> # Recommended update for nethogs Announcement ID: SUSE-RU-2023:4149-1 Rating: moderate References: * bsc#1214584 * bsc#1214585 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two fixes can now be installed. ## Description: This update for nethogs fixes the following issues: * only warn about missing file descriptor when in bughunt mode (bsc#1214584) * clarify the units in use (bytes and multiples), both in output and in documentation (bsc#1214585) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4149=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4149=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4149=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * nethogs-debugsource-0.8.1-5.3.1 * nethogs-debuginfo-0.8.1-5.3.1 * nethogs-0.8.1-5.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * nethogs-debugsource-0.8.1-5.3.1 * nethogs-debuginfo-0.8.1-5.3.1 * nethogs-0.8.1-5.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * nethogs-debugsource-0.8.1-5.3.1 * nethogs-debuginfo-0.8.1-5.3.1 * nethogs-0.8.1-5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214584 * https://bugzilla.suse.com/show_bug.cgi?id=1214585 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 20 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:08 -0000 Subject: SUSE-RU-2023:4148-1: low: Recommended update for nethogs Message-ID: <169781940838.20698.14311488391027776191@smelt2.prg2.suse.org> # Recommended update for nethogs Announcement ID: SUSE-RU-2023:4148-1 Rating: low References: * bsc#1214585 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for nethogs fixes the following issues: * clarify the units in use (bytes and multiples), both in output and in documentation (bsc#1214585) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4148=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4148=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4148=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4148=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4148=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nethogs-debuginfo-0.8.5-150000.3.3.1 * nethogs-debugsource-0.8.5-150000.3.3.1 * nethogs-0.8.5-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nethogs-debuginfo-0.8.5-150000.3.3.1 * nethogs-debugsource-0.8.5-150000.3.3.1 * nethogs-0.8.5-150000.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * nethogs-debuginfo-0.8.5-150000.3.3.1 * nethogs-debugsource-0.8.5-150000.3.3.1 * nethogs-0.8.5-150000.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * nethogs-debuginfo-0.8.5-150000.3.3.1 * nethogs-debugsource-0.8.5-150000.3.3.1 * nethogs-0.8.5-150000.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nethogs-debuginfo-0.8.5-150000.3.3.1 * nethogs-debugsource-0.8.5-150000.3.3.1 * nethogs-0.8.5-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214585
From sle-updates at lists.suse.com Fri Oct 20 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:10 -0000 Subject: SUSE-RU-2023:4147-1: moderate: Recommended update for libphonenumber Message-ID: <169781941002.20698.17868521953447675400@smelt2.prg2.suse.org> # Recommended update for libphonenumber Announcement ID: SUSE-RU-2023:4147-1 Rating: moderate References: * bsc#1215825 Affected Products: * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: libphonenumber was updated to ship libphonenumber8 to PackageHub on all architectures. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4147=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4147=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4147=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4147=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libphonenumber8-8.12.23-150400.3.4.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libphonenumber8-8.12.23-150400.3.4.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libphonenumber8-8.12.23-150400.3.4.1 * libphonenumber8-debuginfo-8.12.23-150400.3.4.1 * libphonenumber-debugsource-8.12.23-150400.3.4.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libphonenumber8-8.12.23-150400.3.4.1 * libphonenumber8-debuginfo-8.12.23-150400.3.4.1 * libphonenumber-debugsource-8.12.23-150400.3.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215825
From sle-updates at lists.suse.com Fri Oct 20 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 16:30:11 -0000 Subject: SUSE-RU-2023:4073-2: low: Recommended update for rpm Message-ID: <169781941182.20698.300357846754956795@smelt2.prg2.suse.org> # Recommended update for rpm Announcement ID: SUSE-RU-2023:4073-2 Rating: low References: * jsc#PED-1988 * jsc#PED-68 Affected Products: * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for rpm fixes the following issue: * Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4073=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4073=1 ## Package List: * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-rpm-4.14.3-150400.59.3.1 * python311-rpm-debuginfo-4.14.3-150400.59.3.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-rpm-4.14.3-150400.59.3.1 * python311-rpm-debuginfo-4.14.3-150400.59.3.1 ## References: * https://jira.suse.com/browse/PED-1988 * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 20 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 20:30:04 -0000 Subject: SUSE-RU-2023:4154-1: moderate: Recommended update for aaa_base Message-ID: <169783380430.12315.1373042222973113037@smelt2.prg2.suse.org> # Recommended update for aaa_base Announcement ID: SUSE-RU-2023:4154-1 Rating: moderate References: * bsc#1107342 * bsc#1215434 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real 
Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for aaa_base fixes the following issues: * Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4154=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4154=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4154=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4154=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4154=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4154=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4154=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4154=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4154=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4154=1 * Basesystem Module 15-SP4 zypper in -t patch 
SUSE-SLE-Module-Basesystem-15-SP4-2023-4154=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4154=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4154=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4154=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4154=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4154=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4154=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4154=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4154=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * 
aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * 
aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * 
aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.6.2 * SUSE Manager Proxy 4.2 (x86_64) * aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.6.2 * aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1107342 * https://bugzilla.suse.com/show_bug.cgi?id=1215434 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Oct 20 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Oct 2023 20:30:06 -0000 Subject: SUSE-RU-2023:4153-1: moderate: Recommended update for systemd Message-ID: <169783380643.12315.9374936148775301540@smelt2.prg2.suse.org> # Recommended update for systemd Announcement ID: SUSE-RU-2023:4153-1 Rating: moderate References: * bsc#1215313 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 
15-SP5 An update that has one fix can now be installed. ## Description: This update for systemd fixes the following issues: * Fix mismatch of nss-resolve version in Package Hub (no source code changes) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4153=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4153=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4153=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4153=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4153=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4153=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4153=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4153=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4153=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libudev1-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-journal-remote-249.16-150400.8.35.5 * systemd-journal-remote-debuginfo-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libudev1-249.16-150400.8.35.5 * 
udev-249.16-150400.8.35.5 * systemd-journal-remote-249.16-150400.8.35.5 * systemd-journal-remote-debuginfo-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libudev1-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-journal-remote-249.16-150400.8.35.5 * systemd-journal-remote-debuginfo-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libudev1-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-journal-remote-249.16-150400.8.35.5 * systemd-journal-remote-debuginfo-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libudev1-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-journal-remote-249.16-150400.8.35.5 * 
systemd-journal-remote-debuginfo-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libudev1-249.16-150400.8.35.5 * systemd-coredump-debuginfo-249.16-150400.8.35.5 * systemd-doc-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-devel-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * systemd-coredump-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * udev-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * Basesystem Module 15-SP4 (noarch) * systemd-lang-249.16-150400.8.35.5 * Basesystem Module 15-SP4 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.35.5 * libsystemd0-32bit-249.16-150400.8.35.5 * systemd-32bit-debuginfo-249.16-150400.8.35.5 * libudev1-32bit-249.16-150400.8.35.5 * libudev1-32bit-debuginfo-249.16-150400.8.35.5 * systemd-32bit-249.16-150400.8.35.5 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libudev1-249.16-150400.8.35.5 * systemd-coredump-debuginfo-249.16-150400.8.35.5 * systemd-doc-249.16-150400.8.35.5 * udev-249.16-150400.8.35.5 * systemd-devel-249.16-150400.8.35.5 * systemd-container-debuginfo-249.16-150400.8.35.5 * systemd-container-249.16-150400.8.35.5 * systemd-coredump-249.16-150400.8.35.5 * libsystemd0-249.16-150400.8.35.5 * libsystemd0-debuginfo-249.16-150400.8.35.5 * 
udev-debuginfo-249.16-150400.8.35.5 * systemd-249.16-150400.8.35.5 * libudev1-debuginfo-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 * systemd-sysvinit-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * Basesystem Module 15-SP5 (noarch) * systemd-lang-249.16-150400.8.35.5 * Basesystem Module 15-SP5 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.35.5 * libsystemd0-32bit-249.16-150400.8.35.5 * systemd-32bit-debuginfo-249.16-150400.8.35.5 * libudev1-32bit-249.16-150400.8.35.5 * libudev1-32bit-debuginfo-249.16-150400.8.35.5 * systemd-32bit-249.16-150400.8.35.5 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-network-249.16-150400.8.35.5 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * systemd-network-249.16-150400.8.35.5 * systemd-network-debuginfo-249.16-150400.8.35.5 * systemd-debugsource-249.16-150400.8.35.5 * systemd-debuginfo-249.16-150400.8.35.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215313
URL: From sle-updates at lists.suse.com Sat Oct 21 07:01:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:01:27 +0200 (CEST) Subject: SUSE-CU-2023:3480-1: Security update of rancher/elemental-teal-iso/5.4 Message-ID: <20231021070127.427E3F417@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-iso/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3480-1 Container Tags : rancher/elemental-teal-iso/5.4:1.2.3 , rancher/elemental-teal-iso/5.4:1.2.3-4.5.2 , rancher/elemental-teal-iso/5.4:latest Container Release : 4.5.2 Severity : important Type : security References : 1211078 1211829 1212819 1212910 1214052 1214458 1214768 1215026 1215215 1215286 1215713 1215888 1215889 1215891 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4813 ----------------------------------------------------------------- The container rancher/elemental-teal-iso/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3856-1 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1214458 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). 
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended 
update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.9.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libapparmor1-3.0.4-150400.5.9.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - login_defs-4.8.1-150400.3.3.1 updated - glibc-locale-base-2.31-150300.63.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.3.3.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated From sle-updates at lists.suse.com Sat Oct 21 07:01:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:01:29 +0200 (CEST) Subject: SUSE-CU-2023:3482-1: Security update of rancher/elemental-teal-rt/5.4 Message-ID: <20231021070129.98FB2F417@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-rt/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3482-1 Container Tags : rancher/elemental-teal-rt/5.4:1.2.3 , rancher/elemental-teal-rt/5.4:1.2.3-2.2.19 , rancher/elemental-teal-rt/5.4:latest Container Release : 2.2.19 Severity : important Type : security References : 1201066 1205767 1210335 1211078 1211829 1212819 1212910 1213428 1214052 1214458 1214768 1215026 1215064 1215215 1215286 1215713 1215888 1215889 1215891 CVE-2023-1829 CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4813 
-----------------------------------------------------------------

The container rancher/elemental-teal-rt/5.4 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released: Mon Sep 18 21:49:09 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: important
References: 1215064

This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default' argument (bsc#1215064)
- skip warning about unsupported options when in compat mode

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released: Wed Sep 20 11:02:50 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3856-1
Released: Thu Sep 28 09:42:16 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1214458

This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3986-1
Released: Thu Oct 5 14:07:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1213428

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4135-1
Released: Thu Oct 19 14:14:23 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559

This update for suse-module-tools fixes the following issues:

- Updated to version 15.4.18:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:

This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4151-1
Released: Fri Oct 20 17:19:18 2023
Summary: Recommended update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image
Type: recommended
Severity: moderate
References:

This update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image fixes the following issues:

- Update build-iso to version 1.2.3:
  * Include system agent unit file in specfile
- Update to version 1.3.5:
  * Use the proper format for command arguments
  * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent'
  * Small refactor to centralize registration config checks
  * Ensure Elemental registration data includes the registration URL
  * Remove --debug flag from helm pull
  * Attempt to use charts from PR project in e2e tests
  * Publish OBS charts to gh-pages
  * Apply a regex on tags to match the same criteria as in OBS
  * Publish all OBS repositories on PRs
  * Fix repository url
  * Use OBS PR builds for the e2e tests
  * Build and publish charts for OBS/IBS artifacts in gh-pages
- Update to elemental-operator version 1.3.5
- Remove the systemd unit file as this is now included as part of elemental package

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libapparmor1-3.0.4-150400.5.9.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- elemental-system-agent-0.3.3-150400.4.3.1 updated
- elemental-updater-1.2.3-150400.3.3.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- login_defs-4.8.1-150400.3.3.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.3.3.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- suse-module-tools-15.4.18-150400.3.14.1 updated
- elemental-register-1.3.5-150400.4.3.1 updated
- elemental-support-1.3.5-150400.4.3.1 updated
- elemental-1.2.3-150400.3.3.1 updated

From sle-updates at lists.suse.com Sat Oct 21 07:01:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2023 09:01:30 +0200 (CEST)
Subject: SUSE-CU-2023:3483-1: Security update of rancher/elemental-teal/5.4
Message-ID: <20231021070130.E7A43F417@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-teal/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3483-1
Container Tags : rancher/elemental-teal/5.4:1.2.3 , rancher/elemental-teal/5.4:1.2.3-3.2.19 , rancher/elemental-teal/5.4:latest
Container Release : 3.2.19
Severity : important
Type : security
References : 1201066 1205767 1210335 1211078 1211829 1212819 1212910 1213428 1214052 1214458 1214768 1215026 1215064 1215215 1215286 1215713 1215888 1215889 1215891 CVE-2023-1829 CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4813
-----------------------------------------------------------------

The container rancher/elemental-teal/5.4 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released: Mon Sep 18 21:49:09 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: important
References: 1215064

This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default' argument (bsc#1215064)
- skip warning about unsupported options when in compat mode

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released: Wed Sep 20 11:02:50 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3856-1
Released: Thu Sep 28 09:42:16 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1214458

This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3986-1
Released: Thu Oct 5 14:07:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1213428

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4135-1
Released: Thu Oct 19 14:14:23 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559

This update for suse-module-tools fixes the following issues:

- Updated to version 15.4.18:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:

This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4151-1
Released: Fri Oct 20 17:19:18 2023
Summary: Recommended update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image
Type: recommended
Severity: moderate
References:

This update for build-iso, elemental, elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-system-agent, operator-image, seedimage-builder, teal-channel-image, teal-rt-channel-image fixes the following issues:

- Update build-iso to version 1.2.3:
  * Include system agent unit file in specfile
- Update to version 1.3.5:
  * Use the proper format for command arguments
  * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent'
  * Small refactor to centralize registration config checks
  * Ensure Elemental registration data includes the registration URL
  * Remove --debug flag from helm pull
  * Attempt to use charts from PR project in e2e tests
  * Publish OBS charts to gh-pages
  * Apply a regex on tags to match the same criteria as in OBS
  * Publish all OBS repositories on PRs
  * Fix repository url
  * Use OBS PR builds for the e2e tests
  * Build and publish charts for OBS/IBS artifacts in gh-pages
- Update to elemental-operator version 1.3.5
- Remove the systemd unit file as this is now included as part of elemental package

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libapparmor1-3.0.4-150400.5.9.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- elemental-register-1.3.5-150400.4.3.1 updated
- elemental-support-1.3.5-150400.4.3.1 updated
- elemental-system-agent-0.3.3-150400.4.3.1 updated
- elemental-updater-1.2.3-150400.3.3.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- login_defs-4.8.1-150400.3.3.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.3.3.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- suse-module-tools-15.4.18-150400.3.14.1 updated
- elemental-1.2.3-150400.3.3.1 updated

From sle-updates at lists.suse.com Sat Oct 21 07:01:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2023 09:01:32 +0200 (CEST)
Subject: SUSE-CU-2023:3484-1: Security update of rancher/elemental-operator
Message-ID: <20231021070132.1FA57F417@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3484-1
Container Tags : rancher/elemental-operator:1.3.5 , rancher/elemental-operator:1.3.5-4.5.1 , rancher/elemental-operator:latest
Container Release : 4.5.1
Severity : important
Type : security
References : 1211078 1211829 1212819 1212910 1214052 1214768 1214806 1215026 1215713 1215888 1215889 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4641
-----------------------------------------------------------------

The container rancher/elemental-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released: Wed Sep 20 11:02:50 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- glibc-2.31-150300.58.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated

From sle-updates at lists.suse.com Sat Oct 21 07:01:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2023 09:01:33 +0200 (CEST)
Subject: SUSE-CU-2023:3485-1: Security update of rancher/seedimage-builder
Message-ID: <20231021070133.524DEF417@maintenance.suse.de>

SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3485-1
Container Tags : rancher/seedimage-builder:1.3.5 , rancher/seedimage-builder:1.3.5-4.5.1 , rancher/seedimage-builder:latest
Container Release : 4.5.1
Severity : important
Type : security
References : 1211078 1211829 1212819 1212910 1214052 1214768 1214806 1215026 1215713 1215888 1215889 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-39615 CVE-2023-4039 CVE-2023-4641
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released: Wed Sep 20 11:02:50 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- glibc-2.31-150300.58.1 updated
- libnghttp2-14-1.40.0-150200.9.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- curl-8.0.1-150400.5.32.1 updated

From sle-updates at lists.suse.com Sat Oct 21 07:03:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2023 09:03:09 +0200 (CEST)
Subject: SUSE-CU-2023:3490-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20231021070309.5443FF417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3490-1
Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.79 , suse/sle-micro/5.5/toolbox:latest
Container Release : 2.2.79
Severity : important
Type : security
References : 1205767 1210335 CVE-2023-1829 CVE-2023-23559
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4136-1
Released: Thu Oct 19 14:15:02 2023
Summary: Security update for suse-module-tools
Type: security
Severity: important
References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559

This update for suse-module-tools fixes the following issues:

- Update to version 15.5.3:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:

This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

The following package changes have been done:

- suse-module-tools-15.5.3-150500.3.6.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated

From sle-updates at lists.suse.com Sat Oct 21 07:03:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Oct 2023 09:03:44 +0200 (CEST)
Subject: SUSE-CU-2023:3491-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20231021070344.4A7BBF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3491-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-16.6 , bci/dotnet-aspnet:6.0.23 , bci/dotnet-aspnet:6.0.23-16.6
Container Release : 16.6
Severity : moderate
Type : recommended
References : 1107342 1215313 1215434
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Sat Oct 21 07:03:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:03:54 +0200 (CEST) Subject: SUSE-CU-2023:3492-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231021070354.A497DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3492-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-16.6 , bci/dotnet-aspnet:7.0.12 , bci/dotnet-aspnet:7.0.12-16.6 , bci/dotnet-aspnet:latest Container Release : 16.6 Severity : moderate Type : recommended References : 1107342 1215313 1215434 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Sat Oct 21 07:04:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:04:06 +0200 (CEST) Subject: SUSE-CU-2023:3493-1: Recommended update of bci/dotnet-sdk Message-ID: <20231021070406.0E44FF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3493-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-15.6 , bci/dotnet-sdk:6.0.23 , bci/dotnet-sdk:6.0.23-15.6 Container Release : 15.6 Severity : moderate Type : recommended References : 1107342 1215313 1215434 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Sat Oct 21 07:04:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:04:20 +0200 (CEST) Subject: SUSE-CU-2023:3494-1: Recommended update of bci/dotnet-sdk Message-ID: <20231021070420.9D1B3F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3494-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-17.6 , bci/dotnet-sdk:7.0.12 , bci/dotnet-sdk:7.0.12-17.6 , bci/dotnet-sdk:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1107342 1215313 1215434 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Sat Oct 21 07:04:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 09:04:31 +0200 (CEST) Subject: SUSE-CU-2023:3495-1: Recommended update of bci/dotnet-runtime Message-ID: <20231021070431.EB917F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3495-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-17.6 , bci/dotnet-runtime:7.0.12 , bci/dotnet-runtime:7.0.12-17.6 , bci/dotnet-runtime:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1107342 1215313 1215434 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Sat Oct 21 14:52:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 16:52:04 +0200 (CEST) Subject: SUSE-CU-2023:3497-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231021145204.9E2D3F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3497-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.238 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.238 Severity : important Type : security References : 1205767 1210335 1215286 1215313 1215891 CVE-2023-1829 CVE-2023-23559 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4135-1 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) The following package changes have been done: - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - suse-module-tools-15.4.18-150400.3.14.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Sat Oct 21 14:52:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 16:52:30 +0200 (CEST) Subject: SUSE-CU-2023:3498-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231021145230.32B41F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3498-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.135 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.135 Severity : important Type : security References : 1205767 1210335 1215313 CVE-2023-1829 CVE-2023-23559 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4135-1 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). 
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) The following package changes have been done: - suse-module-tools-15.4.18-150400.3.14.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Sat Oct 21 14:52:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 16:52:39 +0200 (CEST) Subject: SUSE-CU-2023:3499-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231021145239.84C7EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3499-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.80 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.80 Severity : moderate Type : recommended References : 1215313 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) The following package changes have been done: - systemd-249.16-150400.8.35.5 updated From sle-updates at lists.suse.com Sat Oct 21 14:53:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Oct 2023 16:53:15 +0200 (CEST) Subject: SUSE-CU-2023:3500-1: Recommended update of bci/dotnet-runtime Message-ID: <20231021145315.9C9E2F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3500-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-15.6 , bci/dotnet-runtime:6.0.23 , bci/dotnet-runtime:6.0.23-15.6 Container Release : 15.6 Severity : moderate Type : recommended References : 1107342 1215313 1215434 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - libsystemd0-249.16-150400.8.35.5 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:02:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:02:45 +0200 (CEST) Subject: SUSE-CU-2023:3501-1: Security update of suse/sle15 Message-ID: <20231023070245.82D9AF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3501-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.199 , suse/sle15:15.3 , suse/sle15:15.3.17.20.199 Container Release : 17.20.199 Severity : important Type : security References : 1107342 1212475 1215286 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container-suseconnect-2.4.0-150000.4.40.2 updated - glibc-2.31-150300.63.1 updated From sle-updates at lists.suse.com Mon Oct 23 07:02:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:02:56 +0200 (CEST) Subject: SUSE-CU-2023:3502-1: Security update of suse/postgres Message-ID: <20231023070256.7790FF417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3502-1 Container 
Tags : suse/postgres:14 , suse/postgres:14-23.9 , suse/postgres:14.9 , suse/postgres:14.9-23.9 Container Release : 23.9 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME 
(bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libudev1-249.16-150400.8.35.5 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - systemd-249.16-150400.8.35.5 updated - container:sles15-image-15.0.0-27.14.111 updated From sle-updates at lists.suse.com Mon Oct 23 07:03:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:03:28 +0200 (CEST) Subject: SUSE-CU-2023:3503-1: Security update of bci/python Message-ID: <20231023070328.22066F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3503-1 Container Tags : bci/python:3 , bci/python:3-16.9 , bci/python:3.10 , bci/python:3.10-16.9 Container Release : 16.9 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - 
container:sles15-image-15.0.0-27.14.111 updated From sle-updates at lists.suse.com Mon Oct 23 07:03:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:03:53 +0200 (CEST) Subject: SUSE-CU-2023:3504-1: Security update of suse/sle15 Message-ID: <20231023070353.9A1A2F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3504-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.111 , suse/sle15:15.4 , suse/sle15:15.4.27.14.111 Container Release : 27.14.111 Severity : important Type : security References : 1107342 1212475 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate 
References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container-suseconnect-2.4.0-150000.4.40.2 updated - glibc-2.31-150300.63.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:03 +0200 (CEST) Subject: SUSE-CU-2023:3505-1: Security update of suse/389-ds Message-ID: <20231023070403.209B0F417@maintenance.suse.de> SUSE 
Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3505-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.20 , suse/389-ds:latest Container Release : 16.20 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 
1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:11 +0200 (CEST) Subject: SUSE-CU-2023:3506-1: Security update of bci/golang Message-ID: <20231023070411.AA29EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3506-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.22 , bci/golang:oldstable , bci/golang:oldstable-2.4.22 Container Release : 4.22 Severity : important Type : security References : 1107342 1206346 1215215 1215286 1215313 1215434 1215891 1216109 CVE-2023-39325 CVE-2023-44487 CVE-2023-4813 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4068-1 Released: Fri Oct 13 10:06:38 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1216109,CVE-2023-39325,CVE-2023-44487 This update for go1.20 fixes the following issues: - Update to go1.20.10 (bsc#1206346) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487.
(bsc#1216109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have 
been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - go1.20-doc-1.20.10-150000.1.29.1 updated - glibc-devel-2.31-150300.63.1 updated - go1.20-1.20.10-150000.1.29.1 updated - go1.20-race-1.20.10-150000.1.29.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:14 +0200 (CEST) Subject: SUSE-CU-2023:3507-1: Security update of bci/golang Message-ID: <20231023070414.C6EC4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3507-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.21 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.21 Container Release : 7.21 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME 
(bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - glibc-devel-2.31-150300.63.1 updated - libopenssl-1_1-devel-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:16 +0200 (CEST) Subject: SUSE-CU-2023:3508-1: Security update of suse/helm Message-ID: <20231023070416.1E24BF417@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3508-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.6 , suse/helm:latest Container Release : 3.6 Severity : important Type : security References : 1183043 1215215 1215286 1215588 1215711 1215891 CVE-2022-41723 CVE-2023-25173 CVE-2023-4813 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4124-1 Released: Thu Oct 19 09:32:26 2023 Summary: Security update for helm Type: security Severity: important References: 1183043,1215588,1215711,CVE-2022-41723,CVE-2023-25173 This update for helm fixes the following issues: helm was updated to version 3.13.1: * Fixing precedence issue with the import of values. * Add missing with clause to release gh action * FIX Default ServiceAccount yaml * fix(registry): unswallow error * remove useless print during prepareUpgrade * fix(registry): address anonymous pull issue * Fix missing run statement on release action * Write latest version to get.helm.sh bucket * Increased release information key name max length. 
helm was updated to version 3.13.0 (bsc#1215588): * Fix leaking goroutines in Install * Update Helm to use k8s 1.28.2 libraries * make the dependabot k8s.io group explicit * use dependabot's group support for k8s.io dependencies * doc:Executing helm rollback release 0 will roll back to the previous release * Use labels instead of selectorLabels for pod labels * fix(helm): fix GetPodLogs, the hooks should be sorted before get the logs of each hook * chore: HTTPGetter add default timeout * Avoid nil dereference if passing a nil resolver * Add required changes after merge * Fix #3352, add support for --ignore-not-found just like kubectl delete * Fix helm may identify archive of the application/x-gzip as application/vnd.ms-fontobject * Restore `helm get metadata` command * Revert 'Add `helm get metadata` command' * test: replace `ensure.TempDir` with `t.TempDir` * use json api url + report curl/wget error on fail * Added error in case try to supply custom label with name of system label during install/upgrade * fix(main): fix basic auth for helm pull or push * cmd: support generating index in JSON format * repo: detect JSON and unmarshal efficiently * Tweaking new dry-run internal handling * bump kubernetes modules to v0.27.3 * Remove warning for template directory not found. 
* Added tests for created OCI annotation time format * Add created OCI annotation * Fix multiple bugs in values handling * chore: fix a typo in `manager.go` * add GetRegistryClient method * oci: add tests for plain HTTP and insecure HTTPS registries * oci: Add flag `--plain-http` to enable working with HTTP registries * docs: add an example for using the upgrade command with existing values * Replace `fmt.Fprintf` with `fmt.Fprint` in get_metadata.go * Replace `fmt.Fprintln` with `fmt.Fprintf` in get_metadata.go * update kubernetes dependencies from v0.27.0 to v0.27.1 * Add ClientOptResolver to test util file * Check that missing keys are still handled in tpl * tests: change crd golden file to match after #11870 * Adding details on the Factory interface * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster to be able to render lookup functions. Closes #8137 * bugfix:(#11391) helm lint infinite loop when malformed template object * pkg/engine: fix nil-dereference * pkg/chartutil: fix nil-dereference * pkg/action: fix nil-dereference * full source path when output-dir is not provided * added Contributing.md section and ref link in the README * feat(helm): add ability for --dry-run to do lookup functions When a helm command is run with the --dry-run flag, it will try to connect to the cluster if the value is 'server' to be able to render lookup functions. 
Closes #8137 * feat(helm): add ability for --dry-run to do lookup functions * Add `CHART`, `VERSION` and `APP_VERSION` fields to `get all` command output * Adjust `get` command description to account metadata * add volumes and volumeMounts in chartutil * Seed a default switch to control `automountServiceAccountToken` * Avoid confusing error when passing in '--version X.Y.Z' * Add `helm get metadata` command * Use wrapped error so that ErrNoObjectsVisited can be compared after return. * Add exact version test. * strict file permissions of repository.yaml * Check redefinition of define and include in tpl * Check that `.Template` is passed through `tpl` * Make sure empty `tpl` values render empty. * Pick the test improvement out of PR#8371 * #11369 Use the correct index repo cache directory in the `parallelRepoUpdate` method as well * #11369 Add a test case to prove the bug and its resolution * ref(helm): export DescriptorPullSummary fields * feat(helm): add 'ClientOptResolver' ClientOption * Fix flaky TestSQLCreate test by making sqlmock ignore order of sql requests * Fixing tests after adding labels to release fixture * Make default release fixture contain custom labels to make tests check that labels are not lost * Added support for storing custom labels in SQL storage driver * Adding support merging new custom labels with original release labels during upgrade * Added note to install/upgrade commands that original release labels wouldn't be persisted in upgraded release * Added unit tests for implemented install/upgrade labels logic * Remove redundant types from util_test.go * Added tests for newly introduced util.go functions * Fix broken tests for SQL storage driver * Fix broken tests for configmap and secret storage drivers * Make superseded releases keep labels * Support configmap storage driver for install/upgrade actions --labels argument * Added upgrade --install labels argument support * Add labels support for install action with secret storage backend * 
test: added tests to load plugin from home dir with space * fix: plugin does not load when helm base dir contains space * Add priority class to kind sorter * Fixes #10566 * test(search): add mixedCase test case * fix(search): print repo search result in original case * Adjust error message wrongly claiming that there is a resource conflict * Throw an error from jobReady() if the job exceeds its BackoffLimit * github: add Asset Transparency action for GitHub releases Update to version 3.12.3: * bump kubernetes modules to v0.27.3 * Add priority class to kind sorter Update to version 3.12.2: * add GetRegistryClient method Update to version 3.12.1: * bugfix:(#11391) helm lint infinite loop when malformed template object * update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart * test(search): add mixedCase test case * fix(search): print repo search result in original case * strict file permissions of repository.yaml * update kubernetes dependencies from v0.27.0 to v0.27.1 Update to version 3.12.0: * Attach annotations to OCI artifacts * Fix goroutine leak in action install * fix quiet lint does not fail on non-linting errors * create failing test for quietly linting a chart that doesn't exist * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) * fix: failed testcase on windows * Fix 32bit-x86 typo in testsuite * Handle failed DNS case for Go 1.20+ * Updating the Go version in go.mod * Fix goroutine leak in perform * Properly invalidate client after CRD install * Provide a helper to set the registryClient in cmd * Reimplemented change in httpgetter for insecure TLS option * Added insecure option to login subcommand * Added support for insecure OCI registries * Enable custom certificates option for OCI * Add testing to default and release branches * Remove job dependency. 
Should have done when I moved job to new file * Remove check to run only in helm org * Add why comments * Convert remaining CircleCI config to GitHub Actions * Changed how the setup-go action sets go version * chore:Use http constants as http.request parameters * update k8s registry domain * don't mark issues as stale where a PR is in progress * Update to func handling * Add option to support cascade deletion options * the linter varcheck and deadcode are deprecated (since v1.49.0) * Check status code before retrying request * Fix improper use of Table request/response to k8s API * fix template --output-dir issue * Add protection for stack-overflows for nested keys * feature(helm): add --set-literal flag for literal string interpretation Update to version 3.11.3: * Fix goroutine leak in perform * Fix goroutine leak in action install * Fix 32bit-x86 typo in testsuite * Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774) - avoid CGO to workaround missing gold dependency (bsc#1183043) The following package changes have been done: - glibc-2.31-150300.63.1 updated - helm-3.13.1-150000.1.26.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - container:micro-image-15.5.0-12.2 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:26 +0200 (CEST) Subject: SUSE-CU-2023:3509-1: Security update of bci/bci-init Message-ID: <20231023070426.689FAF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3509-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.19 , bci/bci-init:latest Container Release : 10.19 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 
----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libudev1-249.16-150400.8.35.5 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - 
libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - systemd-249.16-150400.8.35.5 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:3510-1: Security update of bci/bci-micro Message-ID: <20231023070429.5187AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3510-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.2 , bci/bci-micro:latest Container Release : 12.2 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:3511-1: Security update of bci/bci-minimal Message-ID: <20231023070433.179B8F417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3511-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.6 , bci/bci-minimal:latest Container Release : 13.6 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated - container:micro-image-15.5.0-12.2 updated From sle-updates at lists.suse.com Mon Oct 23 07:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:37 +0200 (CEST) Subject: SUSE-CU-2023:3512-1: Security update of suse/nginx Message-ID: <20231023070437.CA4D4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3512-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.18 , suse/nginx:latest Container Release : 5.18 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/nginx was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 
updated From sle-updates at lists.suse.com Mon Oct 23 07:04:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:04:48 +0200 (CEST) Subject: SUSE-CU-2023:3513-1: Security update of bci/nodejs Message-ID: <20231023070448.0AD9BF417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3513-1 Container Tags : bci/node:18 , bci/node:18-11.20 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.20 , bci/nodejs:latest Container Release : 11.20 Severity : important Type : security References : 1030253 1095425 1103893 1107342 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1215215 1215286 1215313 1215434 1215891 1216190 1216205 1216272 1216273 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 CVE-2023-38552 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143 CVE-2023-4813 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for 'short' Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. 
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as 'Hinglish'. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) 
* Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu so that .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper 'and'/'or' 
form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4133-1 Released: Thu Oct 19 12:03:10 2023 Summary: Security update for nodejs18 Type: security Severity: important References: 1216190,1216205,1216272,1216273,CVE-2023-38552,CVE-2023-39333,CVE-2023-44487,CVE-2023-45143 This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272) - CVE-2023-39333: Fixed a code injection via WebAssembly export names. 
(bsc#1216273) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - nodejs18-18.18.2-150400.9.15.1 updated - npm18-18.18.2-150400.9.15.1 updated - container:sles15-image-15.0.0-36.5.46 updated - libicu69-69.1-7.3.2 removed - libicu69-ledata-69.1-7.3.2 removed From sle-updates at lists.suse.com Mon Oct 23 07:05:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:00 +0200 (CEST) Subject: SUSE-CU-2023:3514-1: Security update of bci/openjdk-devel Message-ID: <20231023070500.51D84F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3514-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.45 Container Release : 10.45 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 
CVE-2023-4813 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4143-1 Released: Fri Oct 20 11:53:59 2023 Summary: Recommended update for brltty, harfbuzz, libcdr, libmspub, libreoffice, libzmf, tepl, vte Type: recommended Severity: moderate References: This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - libharfbuzz0-3.4.0-150400.3.8.1 updated - container:bci-openjdk-11-15.5.11-11.21 updated From sle-updates at lists.suse.com Mon Oct 23 07:05:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:09 +0200 (CEST) Subject: SUSE-CU-2023:3515-1: Security update of bci/openjdk Message-ID: <20231023070509.7554BF417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3515-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.21 Container Release : 11.21 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4143-1 Released: Fri Oct 20 11:53:59 2023 Summary: Recommended update for brltty, harfbuzz, libcdr, libmspub, libreoffice, libzmf, tepl, vte Type: recommended Severity: moderate References: This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - libharfbuzz0-3.4.0-150400.3.8.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:05:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:20 +0200 (CEST) Subject: SUSE-CU-2023:3516-1: Security update of bci/openjdk-devel Message-ID: <20231023070520.A13E1F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3516-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.33 , bci/openjdk-devel:latest Container Release : 12.33 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME 
(bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - container:bci-openjdk-17-15.5.17-12.18 updated From sle-updates at lists.suse.com Mon Oct 23 07:05:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:30 +0200 (CEST) Subject: SUSE-CU-2023:3517-1: Security update of bci/openjdk Message-ID: <20231023070530.6B0DBF417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3517-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.18 , bci/openjdk:latest Container Release : 12.18 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated 
- container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:05:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:40 +0200 (CEST) Subject: SUSE-CU-2023:3518-1: Security update of suse/pcp Message-ID: <20231023070540.13A2BF417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3518-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.35 , suse/pcp:5.2 , suse/pcp:5.2-15.35 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.35 , suse/pcp:latest Container Release : 15.35 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended 
Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libudev1-249.16-150400.8.35.5 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - systemd-249.16-150400.8.35.5 updated - container:bci-bci-init-15.5-15.5-10.19 updated From sle-updates at lists.suse.com Mon Oct 23 07:05:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:48 +0200 (CEST) Subject: SUSE-CU-2023:3519-1: Security update of bci/php-apache Message-ID: <20231023070548.A8A2AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3519-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.17 Container Release : 8.17 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 
updated From sle-updates at lists.suse.com Mon Oct 23 07:05:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:05:57 +0200 (CEST) Subject: SUSE-CU-2023:3520-1: Security update of bci/php-fpm Message-ID: <20231023070557.05A0EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3520-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.19 Container Release : 8.19 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, 
BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:06:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:06:05 +0200 (CEST) Subject: SUSE-CU-2023:3521-1: Security update of bci/php Message-ID: <20231023070605.03508F417@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3521-1 Container Tags : bci/php:8 , bci/php:8-8.16 Container Release : 8.16 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:sles15-image-15.0.0-36.5.46 
updated From sle-updates at lists.suse.com Mon Oct 23 07:12:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:12:27 +0200 (CEST) Subject: SUSE-CU-2023:3522-1: Security update of suse/postgres Message-ID: <20231023071227.5B2E8F417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3522-1 Container Tags : suse/postgres:15 , suse/postgres:15-11.17 , suse/postgres:15.4 , suse/postgres:15.4-11.17 , suse/postgres:latest Container Release : 11.17 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/postgres was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libudev1-249.16-150400.8.35.5 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - 
glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - systemd-249.16-150400.8.35.5 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:12:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:12:39 +0200 (CEST) Subject: SUSE-CU-2023:3523-1: Security update of bci/python Message-ID: <20231023071239.82F0CF417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3523-1 Container Tags : bci/python:3 , bci/python:3-12.12 , bci/python:3.11 , bci/python:3.11-12.12 , bci/python:latest Container Release : 12.12 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:12:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:12:52 +0200 (CEST) Subject: SUSE-CU-2023:3524-1: Security update of bci/python Message-ID: <20231023071252.7FE23F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3524-1 Container Tags : bci/python:3 , bci/python:3-14.12 , bci/python:3.6 , bci/python:3.6-14.12 Container Release : 14.12 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated 
- container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:13:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:13:01 +0200 (CEST) Subject: SUSE-CU-2023:3525-1: Security update of bci/ruby Message-ID: <20231023071301.8392FF417@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3525-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.16 , bci/ruby:2.5 , bci/ruby:2.5-12.16 , bci/ruby:latest Container Release : 12.16 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This 
update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-devel-2.31-150300.63.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:13:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:13:12 +0200 (CEST) Subject: SUSE-CU-2023:3526-1: Security update of bci/rust Message-ID: <20231023071312.8EE95F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3526-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.8 , bci/rust:oldstable , bci/rust:oldstable-2.2.8 Container Release : 2.8 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-devel-2.31-150300.63.1 updated - 
container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:13:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:13:22 +0200 (CEST) Subject: SUSE-CU-2023:3527-1: Security update of bci/rust Message-ID: <20231023071322.34560F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3527-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.7 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.7 Container Release : 2.7 Severity : important Type : security References : 1107342 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 
1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - glibc-2.31-150300.63.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-devel-2.31-150300.63.1 updated - container:sles15-image-15.0.0-36.5.46 updated From sle-updates at lists.suse.com Mon Oct 23 07:13:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 09:13:31 +0200 (CEST) Subject: SUSE-CU-2023:3528-1: Security update of suse/sle15 Message-ID: <20231023071331.E9FEFF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3528-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.47 , suse/sle15:15.5 , suse/sle15:15.5.36.5.47 Container Release : 36.5.47 Severity : important Type : security References : 1107342 1212475 1215215 1215286 1215313 1215434 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container-suseconnect-2.4.0-150000.4.40.2 updated - glibc-2.31-150300.63.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated From sle-updates at lists.suse.com Mon Oct 23 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 08:30:08 -0000 Subject: SUSE-SU-2023:4160-1: important: Security update for suse-module-tools Message-ID: <169804980898.8054.10175016971525005046@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4160-1 Rating: important References: * bsc#1205767 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 * CVE-2023-23559 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected 
Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Updated to version 15.1.25: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4160=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4160=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4160=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * suse-module-tools-15.1.25-150100.3.25.1 * SUSE CaaS Platform 4.0 (x86_64) * suse-module-tools-15.1.25-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * suse-module-tools-15.1.25-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.1.25-150100.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://jira.suse.com/browse/PED-5731
From sle-updates at lists.suse.com Mon Oct 23 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 08:30:12 -0000 Subject: SUSE-SU-2023:4159-1: important: Security update for suse-module-tools Message-ID: <169804981218.8054.4153744778419997272@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4159-1 Rating: important References: * bsc#1187196 * bsc#1205767 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 * CVE-2023-23559 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Updated to version 12.13: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). * Disabled the isst_if_mbox_msr driver (bsc#1187196). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4159=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4159=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4159=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * suse-module-tools-12.13-3.11.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * suse-module-tools-12.13-3.11.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * suse-module-tools-12.13-3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://bugzilla.suse.com/show_bug.cgi?id=1187196 * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://jira.suse.com/browse/PED-5731
From sle-updates at lists.suse.com Mon Oct 23 08:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 08:30:16 -0000 Subject: SUSE-SU-2023:4158-1: important: Security update for suse-module-tools Message-ID: <169804981604.8054.17869151977071948427@smelt2.prg2.suse.org> # Security update for suse-module-tools Announcement ID: SUSE-SU-2023:4158-1 Rating: important References: * bsc#1205767 * bsc#1207853 * bsc#1210335 * jsc#PED-5731 Cross-References: * CVE-2023-1829 * CVE-2023-23559 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for suse-module-tools fixes the following issues: * Updated to version 15.3.17: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). * Updated to version 15.3.16: * Fixed a build issue for s390x (bsc#1207853). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4158=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4158=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4158=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4158=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4158=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4158=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4158=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4158=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4158=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4158=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4158=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Manager Proxy 4.2 (x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * 
suse-module-tools-15.3.17-150300.3.22.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * suse-module-tools-15.3.17-150300.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * suse-module-tools-15.3.17-150300.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://bugzilla.suse.com/show_bug.cgi?id=1205767 * https://bugzilla.suse.com/show_bug.cgi?id=1207853 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://jira.suse.com/browse/PED-5731 From sle-updates at lists.suse.com Mon Oct 23 08:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 08:30:18 -0000 Subject: SUSE-SU-2023:4157-1: moderate: Security update for python-urllib3 Message-ID: <169804981892.8054.7461706033224730208@smelt2.prg2.suse.org> # Security update for python-urllib3 Announcement ID: SUSE-SU-2023:4157-1 Rating: moderate References: * bsc#1215968 Cross-References: * CVE-2023-43804 CVSS scores: * CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. 
## Description: This update for python-urllib3 fixes the following issues: * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4157=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4157=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4157=1 ## Package List: * SUSE OpenStack Cloud 8 (noarch) * python-urllib3-1.25.10-5.22.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-urllib3-1.25.10-5.22.1 * HPE Helion OpenStack 8 (noarch) * python-urllib3-1.25.10-5.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43804.html * https://bugzilla.suse.com/show_bug.cgi?id=1215968
From sle-updates at lists.suse.com Mon Oct 23 08:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 08:30:21 -0000 Subject: SUSE-SU-2023:4155-1: important: Security update for nodejs18 Message-ID: <169804982150.8054.12132835468025559515@smelt2.prg2.suse.org> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4155-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4155=1 ## Package List: * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150400.3.27.2 * nodejs16-devel-16.20.2-150400.3.27.2 * nodejs16-16.20.2-150400.3.27.2 * nodejs16-debuginfo-16.20.2-150400.3.27.2 * npm16-16.20.2-150400.3.27.2 * Web and Scripting Module 15-SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.27.2 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273
From sle-updates at lists.suse.com Mon Oct 23 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Oct 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4162-1: important: Security update for gcc13 Message-ID: <169807860480.18156.2073875638404521881@smelt2.prg2.suse.org> # Security update for gcc13 Announcement ID: SUSE-SU-2023:4162-1 Rating: important References: * bsc#1206480 * bsc#1206684 * bsc#1210557 * bsc#1211427 * bsc#1212101 * bsc#1213915 * bsc#1214052 * bsc#1214460 * jsc#PED-153 * jsc#PED-2005 * jsc#PED-252 * jsc#PED-253 * jsc#PED-6584 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch 
Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability, contains five features and has seven security fixes can now be installed. ## Description: This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. * override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) * Turn cross compiler to s390x to a glibc cross. [bsc#1214460] * Also handle -static-pie in the default-PIE specs * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] * Add new x86-related intrinsics (amxcomplexintrin.h). * RISC-V: Add support for inlining subword atomic operations * Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. 
* Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. * Bump included newlib to version 4.3.0. * Also package libhwasan_preinit.o on aarch64. * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. * Package libhwasan_preinit.o on x86_64. * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] * Enable PRU flavour for gcc13 * update floatn fixinclude pickup to check each header separately (bsc#1206480) * Redo floatn fixinclude pick-up to simply keep what is there. * Bump libgo SONAME to libgo22. * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. * Depend on at least LLVM 13 for GCN cross compiler. * Update embedded newlib to version 4.2.0 * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4162=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4162=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4162=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4162=1
* SUSE Linux Enterprise Server 15 SP2
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-4162=1
* SUSE Linux Enterprise Server 15 SP3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-4162=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4162=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4162=1
* SUSE Linux Enterprise Server 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4162=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4162=1
* SUSE Linux Enterprise Desktop 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4162=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4162=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4162=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4162=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4162=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4162=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4162=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4162=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4162=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4162=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4162=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4162=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4162=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4162=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4162=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4162=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4162=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4162=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 *
libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libgo22-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-go-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * gcc13-m2-13.2.1+git7813-150000.1.3.3 * libada13-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-PIE-13.2.1+git7813-150000.1.3.3 * libm2cor18-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * cpp13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgo22-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * gcc13-objc-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-ada-13.2.1+git7813-150000.1.3.3 * libm2log18-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * libm2iso18-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-locale-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-debuginfo-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * 
libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.3.3 * libm2log18-13.2.1+git7813-150000.1.3.3 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * cpp13-13.2.1+git7813-150000.1.3.3 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-13.2.1+git7813-150000.1.3.3 * gcc13-c++-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libada13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.4 (x86_64) * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.3.2 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.3.2 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.3.2 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.3.2 * openSUSE Leap 15.4 (s390x x86_64) * libgo22-32bit-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-d-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-go-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-objc-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-m2-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-32bit-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-ada-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-c++-32bit-13.2.1+git7813-150000.1.3.3 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * libgphobos4-13.2.1+git7813-150000.1.3.3 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.3.3 * libgdruntime4-13.2.1+git7813-150000.1.3.3 * gcc13-d-13.2.1+git7813-150000.1.3.3 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.3.3 * 
openSUSE Leap 15.4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.4 (aarch64 x86_64) * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libgo22-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-go-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * gcc13-m2-13.2.1+git7813-150000.1.3.3 * libada13-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-PIE-13.2.1+git7813-150000.1.3.3 * libm2cor18-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * cpp13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgo22-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * gcc13-objc-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-ada-13.2.1+git7813-150000.1.3.3 * libm2log18-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * libm2iso18-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-locale-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 
* gcc13-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-debuginfo-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.3.3 * libm2log18-13.2.1+git7813-150000.1.3.3 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * cpp13-13.2.1+git7813-150000.1.3.3 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-13.2.1+git7813-150000.1.3.3 * gcc13-c++-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libada13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (x86_64) * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.3.2 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.3.2 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.3.2 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.3.2 * openSUSE Leap 15.5 (s390x x86_64) * libgo22-32bit-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-d-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-go-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-objc-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-m2-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-32bit-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-ada-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-c++-32bit-13.2.1+git7813-150000.1.3.3 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (aarch64 s390x x86_64) * libgphobos4-13.2.1+git7813-150000.1.3.3 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.3.3 
* libgdruntime4-13.2.1+git7813-150000.1.3.3 * gcc13-d-13.2.1+git7813-150000.1.3.3 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (aarch64 x86_64) * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * openSUSE Leap 15.5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Manager Proxy 4.3 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libstdc++6-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * 
libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * 
gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP4 (aarch64 x86_64) * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP4 (x86_64) * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP5 (aarch64 x86_64) * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * Basesystem Module 15-SP5 (x86_64) * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cpp13-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-locale-13.2.1+git7813-150000.1.3.3 * gcc13-13.2.1+git7813-150000.1.3.3 * gcc13-c++-13.2.1+git7813-150000.1.3.3 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-PIE-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.3.3 * cpp13-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP4 (noarch) * gcc13-info-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP4 (x86_64) * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.3.2 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.3.2 * gcc13-c++-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.3.2 * gcc13-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.3.2 * 
gcc13-fortran-32bit-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cpp13-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-locale-13.2.1+git7813-150000.1.3.3 * gcc13-13.2.1+git7813-150000.1.3.3 * gcc13-c++-13.2.1+git7813-150000.1.3.3 * gcc13-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-PIE-13.2.1+git7813-150000.1.3.3 * gcc13-fortran-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-13.2.1+git7813-150000.1.3.3 * cpp13-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP5 (noarch) * gcc13-info-13.2.1+git7813-150000.1.3.3 * Development Tools Module 15-SP5 (x86_64) * cross-nvptx-newlib13-devel-13.2.1+git7813-150000.1.3.2 * cross-nvptx-gcc13-13.2.1+git7813-150000.1.3.2 * gcc13-c++-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debugsource-13.2.1+git7813-150000.1.3.2 * gcc13-32bit-13.2.1+git7813-150000.1.3.3 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-150000.1.3.2 * gcc13-fortran-32bit-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libgo22-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-go-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-13.2.1+git7813-150000.1.3.3 * gcc13-m2-13.2.1+git7813-150000.1.3.3 * libada13-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-13.2.1+git7813-150000.1.3.3 * libm2cor18-13.2.1+git7813-150000.1.3.3 * libgo22-13.2.1+git7813-150000.1.3.3 * gcc13-objc-13.2.1+git7813-150000.1.3.3 * gcc13-ada-13.2.1+git7813-150000.1.3.3 * libm2log18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-13.2.1+git7813-150000.1.3.3 * 
gcc13-m2-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2log18-13.2.1+git7813-150000.1.3.3 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-13.2.1+git7813-150000.1.3.3 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * libada13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP4 (aarch64 s390x x86_64) * libgphobos4-13.2.1+git7813-150000.1.3.3 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.3.3 * libgdruntime4-13.2.1+git7813-150000.1.3.3 * gcc13-d-13.2.1+git7813-150000.1.3.3 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP4 (x86_64) * libgo22-32bit-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-d-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-go-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-objc-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-m2-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libada13-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-ada-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libm2pim18-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libgo22-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-debugsource-13.2.1+git7813-150000.1.3.3 * gcc13-ada-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-go-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-13.2.1+git7813-150000.1.3.3 * gcc13-m2-13.2.1+git7813-150000.1.3.3 * libada13-13.2.1+git7813-150000.1.3.3 * gcc13-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2cor18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-13.2.1+git7813-150000.1.3.3 * libm2cor18-13.2.1+git7813-150000.1.3.3 * libgo22-13.2.1+git7813-150000.1.3.3 * gcc13-objc-13.2.1+git7813-150000.1.3.3 * gcc13-ada-13.2.1+git7813-150000.1.3.3 * libm2log18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-13.2.1+git7813-150000.1.3.3 * gcc13-m2-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2log18-13.2.1+git7813-150000.1.3.3 * gcc13-go-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-13.2.1+git7813-150000.1.3.3 * gcc13-objc-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-debuginfo-13.2.1+git7813-150000.1.3.3 * libada13-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP5 (aarch64 s390x x86_64) * libgphobos4-13.2.1+git7813-150000.1.3.3 * gcc13-d-debuginfo-13.2.1+git7813-150000.1.3.3 * libgdruntime4-13.2.1+git7813-150000.1.3.3 * gcc13-d-13.2.1+git7813-150000.1.3.3 * libgdruntime4-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-debuginfo-13.2.1+git7813-150000.1.3.3 * SUSE Package Hub 15 15-SP5 (x86_64) * libgo22-32bit-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
gcc13-d-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-go-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-objc-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-m2-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-13.2.1+git7813-150000.1.3.3 * libgdruntime4-32bit-13.2.1+git7813-150000.1.3.3 * libm2iso18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libada13-32bit-13.2.1+git7813-150000.1.3.3 * gcc13-ada-32bit-13.2.1+git7813-150000.1.3.3 * libada13-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * gcc13-obj-c++-32bit-13.2.1+git7813-150000.1.3.3 * libm2cor18-32bit-13.2.1+git7813-150000.1.3.3 * libm2min18-32bit-13.2.1+git7813-150000.1.3.3 * libgphobos4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgo22-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libm2pim18-32bit-13.2.1+git7813-150000.1.3.3 * libm2log18-32bit-13.2.1+git7813-150000.1.3.3 * SUSE Manager Proxy 4.2 (x86_64) * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * libatomic1-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * 
libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-13.2.1+git7813-150000.1.3.3 * libubsan1-13.2.1+git7813-150000.1.3.3 * 
libatomic1-13.2.1+git7813-150000.1.3.3 * libobjc4-13.2.1+git7813-150000.1.3.3 * libtsan2-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-13.2.1+git7813-150000.1.3.3 * libatomic1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgomp1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgfortran5-13.2.1+git7813-150000.1.3.3 * libitm1-debuginfo-13.2.1+git7813-150000.1.3.3 * libstdc++6-locale-13.2.1+git7813-150000.1.3.3 * liblsan0-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-debuginfo-13.2.1+git7813-150000.1.3.3 * liblsan0-13.2.1+git7813-150000.1.3.3 * libasan8-13.2.1+git7813-150000.1.3.3 * libstdc++6-13.2.1+git7813-150000.1.3.3 * libasan8-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-13.2.1+git7813-150000.1.3.3 * libitm1-13.2.1+git7813-150000.1.3.3 * libgfortran5-debuginfo-13.2.1+git7813-150000.1.3.3 * libtsan2-13.2.1+git7813-150000.1.3.3 * SUSE Manager Server 4.2 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-150000.1.3.3 * libquadmath0-13.2.1+git7813-150000.1.3.3 * SUSE Manager Server 4.2 (x86_64) * libgomp1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-13.2.1+git7813-150000.1.3.3 * libitm1-32bit-13.2.1+git7813-150000.1.3.3 * libasan8-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3 * libhwasan0-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libatomic1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libobjc4-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * libubsan1-32bit-13.2.1+git7813-150000.1.3.3 * libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3 * libgfortran5-32bit-13.2.1+git7813-150000.1.3.3 * libquadmath0-32bit-13.2.1+git7813-150000.1.3.3 * libgomp1-32bit-13.2.1+git7813-150000.1.3.3 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3 * 
libgfortran5-32bit-debuginfo-13.2.1+git7813-150000.1.3.3
  * libhwasan0-debuginfo-13.2.1+git7813-150000.1.3.3
  * libquadmath0-32bit-debuginfo-13.2.1+git7813-150000.1.3.3
  * libatomic1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3
  * libitm1-32bit-debuginfo-13.2.1+git7813-150000.1.3.3
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libstdc++6-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-13.2.1+git7813-150000.1.3.3
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libstdc++6-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-13.2.1+git7813-150000.1.3.3
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libstdc++6-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-debuginfo-13.2.1+git7813-150000.1.3.3
  * libstdc++6-debuginfo-13.2.1+git7813-150000.1.3.3
  * libgcc_s1-13.2.1+git7813-150000.1.3.3

## References:

* https://www.suse.com/security/cve/CVE-2023-4039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206480
* https://bugzilla.suse.com/show_bug.cgi?id=1206684
* https://bugzilla.suse.com/show_bug.cgi?id=1210557
* https://bugzilla.suse.com/show_bug.cgi?id=1211427
* https://bugzilla.suse.com/show_bug.cgi?id=1212101
* https://bugzilla.suse.com/show_bug.cgi?id=1213915
* https://bugzilla.suse.com/show_bug.cgi?id=1214052
* https://bugzilla.suse.com/show_bug.cgi?id=1214460
* https://jira.suse.com/browse/PED-153
* https://jira.suse.com/browse/PED-2005
* https://jira.suse.com/browse/PED-252
* https://jira.suse.com/browse/PED-253
* https://jira.suse.com/browse/PED-6584

From sle-updates at lists.suse.com Mon Oct 23 16:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Oct 2023 16:30:08 -0000
Subject: SUSE-SU-2023:4161-1: moderate: Security update for fwupdate
Message-ID: <169807860833.18156.13011786844165300764@smelt2.prg2.suse.org>

# Security update for fwupdate

Announcement ID: SUSE-SU-2023:4161-1
Rating: moderate
References:
* bsc#1209188

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has one security fix can now be installed.

## Description:

This update of fwupdate fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4161=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4161=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4161=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * fwupdate-0.5-10.14.5
  * fwupdate-debugsource-0.5-10.14.5
  * fwupdate-efi-0.5-10.14.5
  * libfwup0-0.5-10.14.5
  * fwupdate-debuginfo-0.5-10.14.5
  * libfwup0-debuginfo-0.5-10.14.5
  * fwupdate-efi-debuginfo-0.5-10.14.5
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * fwupdate-0.5-10.14.5
  * fwupdate-debugsource-0.5-10.14.5
  * fwupdate-efi-0.5-10.14.5
  * libfwup0-0.5-10.14.5
  * fwupdate-debuginfo-0.5-10.14.5
  * libfwup0-debuginfo-0.5-10.14.5
  * fwupdate-efi-debuginfo-0.5-10.14.5
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
  * fwupdate-0.5-10.14.5
  * fwupdate-debugsource-0.5-10.14.5
  * fwupdate-efi-0.5-10.14.5
  * libfwup0-0.5-10.14.5
  * fwupdate-debuginfo-0.5-10.14.5
  * libfwup0-debuginfo-0.5-10.14.5
  * fwupdate-efi-debuginfo-0.5-10.14.5

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Mon Oct 23 20:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Oct 2023 20:30:08 -0000
Subject: SUSE-SU-2023:3563-2: moderate: Security update for icu73_2
Message-ID: <169809300891.29405.11661964971612947324@smelt2.prg2.suse.org>

# Security update for icu73_2

Announcement ID: SUSE-SU-2023:3563-2
Rating: moderate
References:
* bsc#1030253
* bsc#1095425
* bsc#1103893
* bsc#1112183
* bsc#1146907
* bsc#1158955
* bsc#1159131
* bsc#1161007
* bsc#1162882
* bsc#1166844
* bsc#1167603
* bsc#1182252
* bsc#1182645
* bsc#1192935
* bsc#1193951
* bsc#354372
* bsc#437293
* bsc#824262
* jsc#PED-4917
* jsc#SLE-11118

Cross-References:
* CVE-2020-10531
* CVE-2020-21913

CVSS scores:
* CVE-2020-10531 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-10531 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-21913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-21913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed.

## Description:

This update for icu73_2 fixes the following issues:

* Update to release 73.2
* CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005.
* fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
* Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
* Update to release 72.1
* Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed.
* bump library packagename to libicu71 to match the version.
* update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish".
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
* ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
* Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
* ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
* Update to release 69.1
* CLDR 39
* For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal()
* Backport ICU-21366 (bsc#1182645)
* Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
* Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
* Update to release 68.1
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
* Add the provides for libicu so that .Net core can install successfully. (bsc#1167603, bsc#1161007)
* Update to version 67.1
* Unicode 13 (ICU-20893, same as in ICU 66)
* Total of 5930 new characters
* 4 new scripts
* 55 new emoji characters, plus additional new sequences
* New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
* New language at Modern coverage: Nigerian Pidgin
* New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese
* Region containment: EU no longer includes GB
* Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073)
* Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
* Update to version 66.1
* Unicode 13 support
* Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913).
* Remove /usr/lib(64)/icu/current [bsc#1158955].
* Update to release 65.1 (jsc#SLE-11118).
* Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3563=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3563=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3563=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3563=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3563=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3563=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3563=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3563=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3563=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3563=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3563=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-3563=1
* SUSE CaaS Platform 4.0
  To install this update, use the
SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * 
icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * 
libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Enterprise Storage 7.1 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Enterprise Storage 7 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE CaaS Platform 4.0 (x86_64) * libicu73_2-doc-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE CaaS Platform 4.0 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-10531.html * https://www.suse.com/security/cve/CVE-2020-21913.html * https://bugzilla.suse.com/show_bug.cgi?id=1030253 * https://bugzilla.suse.com/show_bug.cgi?id=1095425 * https://bugzilla.suse.com/show_bug.cgi?id=1103893 * https://bugzilla.suse.com/show_bug.cgi?id=1112183 * https://bugzilla.suse.com/show_bug.cgi?id=1146907 * https://bugzilla.suse.com/show_bug.cgi?id=1158955 * https://bugzilla.suse.com/show_bug.cgi?id=1159131 * https://bugzilla.suse.com/show_bug.cgi?id=1161007 
* https://bugzilla.suse.com/show_bug.cgi?id=1162882 * https://bugzilla.suse.com/show_bug.cgi?id=1166844 * https://bugzilla.suse.com/show_bug.cgi?id=1167603 * https://bugzilla.suse.com/show_bug.cgi?id=1182252 * https://bugzilla.suse.com/show_bug.cgi?id=1182645 * https://bugzilla.suse.com/show_bug.cgi?id=1192935 * https://bugzilla.suse.com/show_bug.cgi?id=1193951 * https://bugzilla.suse.com/show_bug.cgi?id=354372 * https://bugzilla.suse.com/show_bug.cgi?id=437293 * https://bugzilla.suse.com/show_bug.cgi?id=824262 * https://jira.suse.com/browse/PED-4917 * https://jira.suse.com/browse/SLE-11118 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 24 07:03:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 09:03:14 +0200 (CEST) Subject: SUSE-CU-2023:3531-1: Security update of bci/bci-busybox Message-ID: <20231024070314.6E666F417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3531-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.20.2 Container Release : 20.2 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated From sle-updates at lists.suse.com Tue Oct 24 07:03:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 09:03:18 +0200 (CEST) Subject: SUSE-CU-2023:3532-1: Security update of bci/bci-busybox Message-ID: <20231024070318.CA1EDF417@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3532-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.12.2 , bci/bci-busybox:latest Container Release : 12.2 Severity : important Type : security References : 1215286 1215891 CVE-2023-4813 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) The following package changes have been done: - glibc-2.31-150300.63.1 updated From sle-updates at lists.suse.com Tue Oct 24 07:03:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 09:03:30 +0200 (CEST) Subject: SUSE-CU-2023:3533-1: Security update of bci/dotnet-sdk Message-ID: <20231024070330.AE09EF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3533-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-15.8 , bci/dotnet-sdk:6.0.23 , bci/dotnet-sdk:6.0.23-15.8 Container Release : 15.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 07:03:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 09:03:43 +0200 (CEST) Subject: SUSE-CU-2023:3534-1: Security update of bci/dotnet-sdk Message-ID: <20231024070343.87843F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3534-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-17.8 , bci/dotnet-sdk:7.0.12 , bci/dotnet-sdk:7.0.12-17.8 , bci/dotnet-sdk:latest Container Release : 17.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages.
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 11:22:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 13:22:45 +0200 (CEST) Subject: SUSE-CU-2023:3536-1: Security update of bci/dotnet-aspnet Message-ID: <20231024112245.864F7F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3536-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-16.8 , bci/dotnet-aspnet:7.0.12 , bci/dotnet-aspnet:7.0.12-16.8 , bci/dotnet-aspnet:latest Container Release : 16.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 11:23:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 13:23:01 +0200 (CEST) Subject: SUSE-CU-2023:3537-1: Security update of bci/dotnet-runtime Message-ID: <20231024112301.412BEF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3537-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-17.8 , bci/dotnet-runtime:7.0.12 , bci/dotnet-runtime:7.0.12-17.8 , bci/dotnet-runtime:latest Container Release : 17.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4166-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Message-ID: <169815060284.13749.4777439698598122082@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4166-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_18 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal in netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4171=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4172=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4173=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4169=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4170=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4166=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4166=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_40-rt-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-7-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-7-150400.2.1 * kernel-livepatch-5_14_21-150400_15_18-rt-8-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_15_40-rt-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_23-rt-7-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_9-debugsource-4-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_28-rt-7-150400.2.1 * kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-8-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-7-150400.2.1 * kernel-livepatch-5_14_21-150400_15_37-rt-4-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-5-150500.12.2 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-5-150500.12.2 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-5-150500.12.2 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-5-150500.12.2 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-5-150500.12.2 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-5-150500.12.2 ## References: *
https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 From sle-updates at lists.suse.com Tue Oct 24 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4165-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP4) Message-ID: <169815060640.13749.15362636418749360075@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4165-1 Rating: important References: * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP
Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_46 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4165=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4165=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4168=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_11-rt-3-150500.2.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-3-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_11-rt-3-150500.2.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-3-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-3-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_46-rt-3-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_11-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_15_46-rt-debuginfo-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Tue Oct 24 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4164-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP4) Message-ID: <169815060866.13749.13475937501260057855@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4164-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_53 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4167=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4164=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4164=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_53-rt-debuginfo-2-150400.2.1 * kernel-livepatch-SLE15-SP4-RT_Update_13-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_15_53-rt-2-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Tue Oct 24 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4174-1: important: Security update for xen Message-ID: <169815061123.13749.18001656018472065230@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4174-1 Rating: important References: * bsc#1215744 * bsc#1215746 * bsc#1215747 * bsc#1215748 Cross-References: * CVE-2023-34323 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 CVSS scores: * CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746).
* CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). * CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4174=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4174=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4174=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4174=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4174=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4174=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4174=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4174=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4174=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4174=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4174=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4174=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 *
xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * openSUSE Leap 15.3 (x86_64) * xen-libs-32bit-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-32bit-4.14.6_06-150300.3.57.1 * openSUSE Leap 15.3 (aarch64 x86_64) * xen-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-doc-html-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * openSUSE Leap 15.3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * openSUSE Leap 15.3 (aarch64_ilp32) * xen-libs-64bit-4.14.6_06-150300.3.57.1 * xen-libs-64bit-debuginfo-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * 
xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Manager Proxy 4.2 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Manager Proxy 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Manager Server 4.2 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * 
xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Manager Server 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Enterprise Storage 7.1 (x86_64) * xen-tools-domU-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-tools-domU-4.14.6_06-150300.3.57.1 * xen-tools-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * xen-devel-4.14.6_06-150300.3.57.1 * xen-4.14.6_06-150300.3.57.1 * SUSE Enterprise Storage 7.1 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xen-libs-debuginfo-4.14.6_06-150300.3.57.1 * xen-libs-4.14.6_06-150300.3.57.1 * xen-debugsource-4.14.6_06-150300.3.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34323.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://bugzilla.suse.com/show_bug.cgi?id=1215744 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 24 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4163-1: important: Security update for netty, netty-tcnative Message-ID: <169815061445.13749.3589405329884056141@smelt2.prg2.suse.org> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2023:4163-1 Rating: important References: * bsc#1216169 Cross-References: * CVE-2023-44487 CVSS scores: * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE 
Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: * Updated netty to version 4.1.100: * CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169). * Updated netty-tcnative to version 2.0.62 Final. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4163=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4163=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4163=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4163=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4163=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4163=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4163=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4163=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4163=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4163=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4163=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4163=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4163=1 ## Package List: 
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-4.1.100-150200.4.20.1 * SUSE Package Hub 15 15-SP5 (noarch) * netty-javadoc-4.1.100-150200.4.20.1 * netty-poms-4.1.100-150200.4.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * netty-4.1.100-150200.4.20.1 * openSUSE Leap 15.4 (noarch) * netty-javadoc-4.1.100-150200.4.20.1 * netty-tcnative-javadoc-2.0.62-150200.3.16.1 * netty-poms-4.1.100-150200.4.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.62-150200.3.16.1 * netty-4.1.100-150200.4.20.1 * openSUSE Leap 15.5 (noarch) * netty-javadoc-4.1.100-150200.4.20.1 * netty-tcnative-javadoc-2.0.62-150200.3.16.1 * netty-poms-4.1.100-150200.4.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216169 -------------- 
next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 24 13:16:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 15:16:55 +0200 (CEST) Subject: SUSE-CU-2023:3538-1: Security update of bci/dotnet-aspnet Message-ID: <20231024131655.9D3D3F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3538-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-16.8 , bci/dotnet-aspnet:6.0.23 , bci/dotnet-aspnet:6.0.23-16.8 Container Release : 16.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 13:17:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 15:17:10 +0200 (CEST) Subject: SUSE-CU-2023:3539-1: Security update of bci/dotnet-runtime Message-ID: <20231024131710.34926F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3539-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-15.8 , bci/dotnet-runtime:6.0.23 , bci/dotnet-runtime:6.0.23-15.8 Container Release : 15.8 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Tue Oct 24 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:04 -0000 Subject: SUSE-SU-2023:4175-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) Message-ID: <169816500407.29027.13978824912476777303@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4175-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE 
Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4175=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4175=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-4-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-4-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 24 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:07 -0000 Subject: SUSE-RU-2023:4188-1: important: Recommended update for csp-billing-adapter-amazon suma-amazon-adapter-config-ltd Message-ID: <169816500752.29027.8877838997921648498@smelt2.prg2.suse.org> # Recommended update for csp-billing-adapter-amazon suma-amazon-adapter-config-ltd Announcement ID: SUSE-RU-2023:4188-1 Rating: important References: * jsc#PED-6427 * jsc#PED-6428 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for csp-billing-adapter-amazon and suma-amazon-adapter-config-ltd fixes the following issues: csp-billing-adapter-amazon was updated to version 0.5.1: * Fix typo in metadata url which made querying the metadata server fail * Add get version hook implementation * Add IPv6 support and IMDSv2 suma-amazon-adapter-config-ltd was updated to version 20231003: * Include updated product code for new EU based SUMA PAYG listing ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4188=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4188=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4188=1 ## Package List: * Public Cloud Module 15-SP4 (noarch) * python3-csp-billing-adapter-amazon-0.5.1-150400.9.6.1 * suma-amazon-adapter-config-ltd-20231003-150400.9.6.2 * Public Cloud Module 15-SP5 (noarch) * python3-csp-billing-adapter-amazon-0.5.1-150400.9.6.1 * suma-amazon-adapter-config-ltd-20231003-150400.9.6.2 * openSUSE Leap 15.4 (noarch) * python3-csp-billing-adapter-amazon-0.5.1-150400.9.6.1 * suma-amazon-adapter-config-ltd-20231003-150400.9.6.2 ## References: * https://jira.suse.com/browse/PED-6427 * https://jira.suse.com/browse/PED-6428 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 24 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:09 -0000 Subject: SUSE-SU-2023:4187-1: moderate: Security update for poppler Message-ID: <169816500965.29027.9100370913727806176@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4187-1 Rating: moderate References: * bsc#1112424 * bsc#1112428 * bsc#1140745 * bsc#1214256 Cross-References: * CVE-2018-18454 * CVE-2018-18456 * CVE-2019-13287 * CVE-2020-36023 CVSS scores: * CVE-2018-18454 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18454 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-18456 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-18456 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-13287 ( SUSE ): 3.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2019-13287 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2020-36023 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves four vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust. (bsc#1140745) * CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file. (bsc#1112428) * CVE-2018-18454: Fixed a heap-based buffer over-read via a crafted pdf file. (bsc#1112424) * CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph. (bsc#1214256) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4187=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-0.62.0-150000.4.28.2 * libpoppler73-debuginfo-0.62.0-150000.4.28.2 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-0.62.0-150000.4.28.2 * libpoppler73-32bit-debuginfo-0.62.0-150000.4.28.2 ## References: * https://www.suse.com/security/cve/CVE-2018-18454.html * https://www.suse.com/security/cve/CVE-2018-18456.html * https://www.suse.com/security/cve/CVE-2019-13287.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://bugzilla.suse.com/show_bug.cgi?id=1112424 * https://bugzilla.suse.com/show_bug.cgi?id=1112428 * https://bugzilla.suse.com/show_bug.cgi?id=1140745 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Tue Oct 24 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:14 -0000 Subject: SUSE-SU-2023:4185-1: important: Security update for xen Message-ID: <169816501421.29027.5696380880181902201@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4185-1 Rating: important References: * bsc#1215744 * bsc#1215746 * bsc#1215747 * bsc#1215748 Cross-References: * CVE-2023-34323 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 CVSS scores: * CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). * CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). * CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ## Special Instructions and Notes: * Please reboot the system after installing this update. 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4185=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4185=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4185=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4185=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * xen-devel-4.12.4_40-3.97.1 * xen-debugsource-4.12.4_40-3.97.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_40-3.97.1 * xen-libs-4.12.4_40-3.97.1 * xen-4.12.4_40-3.97.1 * xen-tools-domU-debuginfo-4.12.4_40-3.97.1 * xen-tools-debuginfo-4.12.4_40-3.97.1 * xen-libs-32bit-4.12.4_40-3.97.1 * xen-debugsource-4.12.4_40-3.97.1 * xen-libs-debuginfo-32bit-4.12.4_40-3.97.1 * xen-doc-html-4.12.4_40-3.97.1 * xen-tools-4.12.4_40-3.97.1 * xen-tools-domU-4.12.4_40-3.97.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_40-3.97.1 * xen-libs-4.12.4_40-3.97.1 * xen-4.12.4_40-3.97.1 * xen-tools-domU-debuginfo-4.12.4_40-3.97.1 * xen-tools-debuginfo-4.12.4_40-3.97.1 * xen-libs-32bit-4.12.4_40-3.97.1 * xen-debugsource-4.12.4_40-3.97.1 * xen-libs-debuginfo-32bit-4.12.4_40-3.97.1 * xen-doc-html-4.12.4_40-3.97.1 * xen-tools-4.12.4_40-3.97.1 * xen-tools-domU-4.12.4_40-3.97.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * xen-libs-debuginfo-4.12.4_40-3.97.1 * xen-libs-4.12.4_40-3.97.1 * xen-4.12.4_40-3.97.1 * xen-tools-domU-debuginfo-4.12.4_40-3.97.1 * xen-tools-debuginfo-4.12.4_40-3.97.1 * xen-libs-32bit-4.12.4_40-3.97.1 * xen-debugsource-4.12.4_40-3.97.1 * 
xen-libs-debuginfo-32bit-4.12.4_40-3.97.1 * xen-doc-html-4.12.4_40-3.97.1 * xen-tools-4.12.4_40-3.97.1 * xen-tools-domU-4.12.4_40-3.97.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34323.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://bugzilla.suse.com/show_bug.cgi?id=1215744 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 From sle-updates at lists.suse.com Tue Oct 24 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:17 -0000 Subject: SUSE-SU-2023:4184-1: important: Security update for xen Message-ID: <169816501748.29027.1540516197171021629@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4184-1 Rating: important References: * bsc#1215744 * bsc#1215746 * bsc#1215747 * bsc#1215748 Cross-References: * CVE-2023-34323 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 CVSS scores: * CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update 
that solves five vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). * CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). * CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4184=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4184=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4184=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * xen-tools-domU-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-debuginfo-4.12.4_40-150100.3.95.1 * xen-debugsource-4.12.4_40-150100.3.95.1 * xen-devel-4.12.4_40-150100.3.95.1 * xen-4.12.4_40-150100.3.95.1 * xen-tools-domU-4.12.4_40-150100.3.95.1 * xen-libs-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-4.12.4_40-150100.3.95.1 * xen-libs-4.12.4_40-150100.3.95.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * xen-tools-domU-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-debuginfo-4.12.4_40-150100.3.95.1 * xen-debugsource-4.12.4_40-150100.3.95.1 * xen-devel-4.12.4_40-150100.3.95.1 * xen-4.12.4_40-150100.3.95.1 * xen-tools-domU-4.12.4_40-150100.3.95.1 * xen-libs-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-4.12.4_40-150100.3.95.1 * xen-libs-4.12.4_40-150100.3.95.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * xen-tools-domU-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-debuginfo-4.12.4_40-150100.3.95.1 * xen-debugsource-4.12.4_40-150100.3.95.1 * xen-devel-4.12.4_40-150100.3.95.1 * xen-4.12.4_40-150100.3.95.1 * xen-tools-domU-4.12.4_40-150100.3.95.1 * xen-libs-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-4.12.4_40-150100.3.95.1 * xen-libs-4.12.4_40-150100.3.95.1 * SUSE CaaS Platform 4.0 (x86_64) * xen-tools-domU-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-debuginfo-4.12.4_40-150100.3.95.1 * xen-debugsource-4.12.4_40-150100.3.95.1 * xen-devel-4.12.4_40-150100.3.95.1 * xen-4.12.4_40-150100.3.95.1 * xen-tools-domU-4.12.4_40-150100.3.95.1 * xen-libs-debuginfo-4.12.4_40-150100.3.95.1 * xen-tools-4.12.4_40-150100.3.95.1 * xen-libs-4.12.4_40-150100.3.95.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34323.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html 
* https://bugzilla.suse.com/show_bug.cgi?id=1215744 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 From sle-updates at lists.suse.com Tue Oct 24 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:20 -0000 Subject: SUSE-SU-2023:4183-1: important: Security update for xen Message-ID: <169816502051.29027.9035885706062440551@smelt2.prg2.suse.org> # Security update for xen Announcement ID: SUSE-SU-2023:4183-1 Rating: important References: * bsc#1215744 * bsc#1215746 * bsc#1215747 * bsc#1215748 Cross-References: * CVE-2023-34323 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 CVSS scores: * CVE-2023-34323 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). 
* CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). * CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4183=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4183=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4183=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * xen-4.13.5_06-150200.3.80.1 * xen-tools-debuginfo-4.13.5_06-150200.3.80.1 * xen-tools-domU-4.13.5_06-150200.3.80.1 * xen-tools-domU-debuginfo-4.13.5_06-150200.3.80.1 * xen-devel-4.13.5_06-150200.3.80.1 * xen-libs-4.13.5_06-150200.3.80.1 * xen-libs-debuginfo-4.13.5_06-150200.3.80.1 * xen-debugsource-4.13.5_06-150200.3.80.1 * xen-tools-4.13.5_06-150200.3.80.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_06-150200.3.80.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * xen-4.13.5_06-150200.3.80.1 * xen-tools-debuginfo-4.13.5_06-150200.3.80.1 * xen-tools-domU-4.13.5_06-150200.3.80.1 * xen-tools-domU-debuginfo-4.13.5_06-150200.3.80.1 * xen-devel-4.13.5_06-150200.3.80.1 * xen-libs-4.13.5_06-150200.3.80.1 * xen-libs-debuginfo-4.13.5_06-150200.3.80.1 * xen-debugsource-4.13.5_06-150200.3.80.1 * xen-tools-4.13.5_06-150200.3.80.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * 
xen-tools-xendomains-wait-disk-4.13.5_06-150200.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * xen-4.13.5_06-150200.3.80.1 * xen-tools-debuginfo-4.13.5_06-150200.3.80.1 * xen-tools-domU-4.13.5_06-150200.3.80.1 * xen-tools-domU-debuginfo-4.13.5_06-150200.3.80.1 * xen-devel-4.13.5_06-150200.3.80.1 * xen-libs-4.13.5_06-150200.3.80.1 * xen-libs-debuginfo-4.13.5_06-150200.3.80.1 * xen-debugsource-4.13.5_06-150200.3.80.1 * xen-tools-4.13.5_06-150200.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_06-150200.3.80.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34323.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://bugzilla.suse.com/show_bug.cgi?id=1215744 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 From sle-updates at lists.suse.com Tue Oct 24 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:22 -0000 Subject: SUSE-RU-2023:4182-1: important: Recommended update for sssd Message-ID: <169816502294.29027.942181601313187146@smelt2.prg2.suse.org> # Recommended update for sssd Announcement ID: SUSE-RU-2023:4182-1 Rating: important References: * bsc#1214434 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. 
## Description: This update for sssd fixes the following issues: * LDAP password policy: return failure if there are no grace logins left (bsc#1214434) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4182=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4182=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4182=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4182=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libipa_hbac-devel-1.16.1-7.55.1 * libsss_idmap-devel-1.16.1-7.55.1 * libsss_nss_idmap-devel-1.16.1-7.55.1 * sssd-debugsource-1.16.1-7.55.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * sssd-tools-debuginfo-1.16.1-7.55.1 * sssd-krb5-common-debuginfo-1.16.1-7.55.1 * libsss_idmap0-1.16.1-7.55.1 * sssd-ldap-debuginfo-1.16.1-7.55.1 * sssd-common-1.16.1-7.55.1 * libsss_nss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-dbus-1.16.1-7.55.1 * libsss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-proxy-debuginfo-1.16.1-7.55.1 * libipa_hbac0-debuginfo-1.16.1-7.55.1 * libsss_certmap0-1.16.1-7.55.1 * libipa_hbac0-1.16.1-7.55.1 * libsss_nss_idmap0-1.16.1-7.55.1 * libsss_simpleifp0-1.16.1-7.55.1 * sssd-krb5-common-1.16.1-7.55.1 * sssd-dbus-debuginfo-1.16.1-7.55.1 * sssd-krb5-debuginfo-1.16.1-7.55.1 * sssd-ipa-1.16.1-7.55.1 * libsss_simpleifp0-debuginfo-1.16.1-7.55.1 * sssd-ad-debuginfo-1.16.1-7.55.1 * sssd-ipa-debuginfo-1.16.1-7.55.1 * sssd-common-debuginfo-1.16.1-7.55.1 * sssd-1.16.1-7.55.1 * sssd-proxy-1.16.1-7.55.1 * sssd-ad-1.16.1-7.55.1 * python-sssd-config-1.16.1-7.55.1 * 
python-sssd-config-debuginfo-1.16.1-7.55.1 * libsss_certmap0-debuginfo-1.16.1-7.55.1 * sssd-krb5-1.16.1-7.55.1 * sssd-debugsource-1.16.1-7.55.1 * sssd-ldap-1.16.1-7.55.1 * sssd-tools-1.16.1-7.55.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * libsss_nss_idmap-devel-1.16.1-7.55.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * sssd-common-debuginfo-32bit-1.16.1-7.55.1 * sssd-common-32bit-1.16.1-7.55.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * sssd-tools-debuginfo-1.16.1-7.55.1 * sssd-krb5-common-debuginfo-1.16.1-7.55.1 * libsss_idmap0-1.16.1-7.55.1 * sssd-ldap-debuginfo-1.16.1-7.55.1 * sssd-common-1.16.1-7.55.1 * libsss_nss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-dbus-1.16.1-7.55.1 * libsss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-proxy-debuginfo-1.16.1-7.55.1 * libipa_hbac0-debuginfo-1.16.1-7.55.1 * libsss_certmap0-1.16.1-7.55.1 * libipa_hbac0-1.16.1-7.55.1 * libsss_nss_idmap0-1.16.1-7.55.1 * libsss_simpleifp0-1.16.1-7.55.1 * sssd-krb5-common-1.16.1-7.55.1 * sssd-dbus-debuginfo-1.16.1-7.55.1 * sssd-krb5-debuginfo-1.16.1-7.55.1 * sssd-ipa-1.16.1-7.55.1 * libsss_simpleifp0-debuginfo-1.16.1-7.55.1 * sssd-ad-debuginfo-1.16.1-7.55.1 * sssd-ipa-debuginfo-1.16.1-7.55.1 * sssd-common-debuginfo-1.16.1-7.55.1 * sssd-1.16.1-7.55.1 * sssd-proxy-1.16.1-7.55.1 * sssd-ad-1.16.1-7.55.1 * python-sssd-config-1.16.1-7.55.1 * python-sssd-config-debuginfo-1.16.1-7.55.1 * libsss_certmap0-debuginfo-1.16.1-7.55.1 * sssd-krb5-1.16.1-7.55.1 * sssd-debugsource-1.16.1-7.55.1 * sssd-ldap-1.16.1-7.55.1 * sssd-tools-1.16.1-7.55.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * libsss_nss_idmap-devel-1.16.1-7.55.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * sssd-common-debuginfo-32bit-1.16.1-7.55.1 * sssd-common-32bit-1.16.1-7.55.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * sssd-tools-debuginfo-1.16.1-7.55.1 * sssd-krb5-common-debuginfo-1.16.1-7.55.1 * libsss_idmap0-1.16.1-7.55.1 * 
sssd-ldap-debuginfo-1.16.1-7.55.1 * sssd-common-1.16.1-7.55.1 * libsss_nss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-dbus-1.16.1-7.55.1 * libsss_idmap0-debuginfo-1.16.1-7.55.1 * sssd-proxy-debuginfo-1.16.1-7.55.1 * libipa_hbac0-debuginfo-1.16.1-7.55.1 * libsss_certmap0-1.16.1-7.55.1 * libipa_hbac0-1.16.1-7.55.1 * libsss_nss_idmap0-1.16.1-7.55.1 * libsss_simpleifp0-1.16.1-7.55.1 * sssd-krb5-common-1.16.1-7.55.1 * sssd-dbus-debuginfo-1.16.1-7.55.1 * sssd-krb5-debuginfo-1.16.1-7.55.1 * sssd-ipa-1.16.1-7.55.1 * libsss_simpleifp0-debuginfo-1.16.1-7.55.1 * sssd-ad-debuginfo-1.16.1-7.55.1 * sssd-ipa-debuginfo-1.16.1-7.55.1 * sssd-common-debuginfo-1.16.1-7.55.1 * sssd-1.16.1-7.55.1 * sssd-proxy-1.16.1-7.55.1 * sssd-ad-1.16.1-7.55.1 * python-sssd-config-1.16.1-7.55.1 * python-sssd-config-debuginfo-1.16.1-7.55.1 * libsss_certmap0-debuginfo-1.16.1-7.55.1 * sssd-krb5-1.16.1-7.55.1 * sssd-debugsource-1.16.1-7.55.1 * sssd-ldap-1.16.1-7.55.1 * sssd-tools-1.16.1-7.55.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * sssd-common-debuginfo-32bit-1.16.1-7.55.1 * sssd-common-32bit-1.16.1-7.55.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214434 
From sle-updates at lists.suse.com Tue Oct 24 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:25 -0000 Subject: SUSE-RU-2023:4181-1: important: Recommended update for sssd Message-ID: <169816502582.29027.3721165296108489476@smelt2.prg2.suse.org> # Recommended update for sssd Announcement ID: SUSE-RU-2023:4181-1 Rating: important References: * bsc#1214434 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update for sssd fixes the following issues: * LDAP password policy: return failure if there are no grace logins left (bsc#1214434) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4181=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4181=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4181=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsss_idmap0-1.16.1-150000.8.73.1 * sssd-debugsource-1.16.1-150000.8.73.1 * sssd-dbus-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-1.16.1-150000.8.73.1 * sssd-dbus-1.16.1-150000.8.73.1 * sssd-krb5-1.16.1-150000.8.73.1 * sssd-tools-1.16.1-150000.8.73.1 * sssd-proxy-1.16.1-150000.8.73.1 * libsss_nss_idmap0-1.16.1-150000.8.73.1 * libsss_simpleifp0-1.16.1-150000.8.73.1 * sssd-krb5-common-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-1.16.1-150000.8.73.1 * sssd-debuginfo-1.16.1-150000.8.73.1 * python3-sssd-config-1.16.1-150000.8.73.1 * libsss_nss_idmap-devel-1.16.1-150000.8.73.1 * sssd-tools-debuginfo-1.16.1-150000.8.73.1 * sssd-ad-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-debuginfo-1.16.1-150000.8.73.1 * sssd-ldap-1.16.1-150000.8.73.1 * libsss_certmap0-debuginfo-1.16.1-150000.8.73.1 * libsss_idmap-devel-1.16.1-150000.8.73.1 * libsss_certmap-devel-1.16.1-150000.8.73.1 * libipa_hbac0-1.16.1-150000.8.73.1 * sssd-ad-1.16.1-150000.8.73.1 * libsss_nss_idmap0-debuginfo-1.16.1-150000.8.73.1 * sssd-wbclient-debuginfo-1.16.1-150000.8.73.1 * sssd-proxy-debuginfo-1.16.1-150000.8.73.1 * sssd-1.16.1-150000.8.73.1 * sssd-wbclient-1.16.1-150000.8.73.1 * sssd-wbclient-devel-1.16.1-150000.8.73.1 * libsss_idmap0-debuginfo-1.16.1-150000.8.73.1 * libipa_hbac0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp-devel-1.16.1-150000.8.73.1 * sssd-ldap-debuginfo-1.16.1-150000.8.73.1 * libsss_certmap0-1.16.1-150000.8.73.1 * sssd-krb5-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-debuginfo-1.16.1-150000.8.73.1 * sssd-krb5-common-1.16.1-150000.8.73.1 * libipa_hbac-devel-1.16.1-150000.8.73.1 * python3-sssd-config-debuginfo-1.16.1-150000.8.73.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * 
sssd-32bit-1.16.1-150000.8.73.1 * sssd-32bit-debuginfo-1.16.1-150000.8.73.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsss_idmap0-1.16.1-150000.8.73.1 * sssd-debugsource-1.16.1-150000.8.73.1 * sssd-dbus-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-1.16.1-150000.8.73.1 * sssd-dbus-1.16.1-150000.8.73.1 * sssd-krb5-1.16.1-150000.8.73.1 * sssd-tools-1.16.1-150000.8.73.1 * sssd-proxy-1.16.1-150000.8.73.1 * libsss_nss_idmap0-1.16.1-150000.8.73.1 * libsss_simpleifp0-1.16.1-150000.8.73.1 * sssd-krb5-common-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-1.16.1-150000.8.73.1 * sssd-debuginfo-1.16.1-150000.8.73.1 * python3-sssd-config-1.16.1-150000.8.73.1 * libsss_nss_idmap-devel-1.16.1-150000.8.73.1 * sssd-tools-debuginfo-1.16.1-150000.8.73.1 * sssd-ad-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-debuginfo-1.16.1-150000.8.73.1 * sssd-ldap-1.16.1-150000.8.73.1 * libsss_certmap0-debuginfo-1.16.1-150000.8.73.1 * libsss_idmap-devel-1.16.1-150000.8.73.1 * libsss_certmap-devel-1.16.1-150000.8.73.1 * libipa_hbac0-1.16.1-150000.8.73.1 * sssd-ad-1.16.1-150000.8.73.1 * libsss_nss_idmap0-debuginfo-1.16.1-150000.8.73.1 * sssd-wbclient-debuginfo-1.16.1-150000.8.73.1 * sssd-proxy-debuginfo-1.16.1-150000.8.73.1 * sssd-1.16.1-150000.8.73.1 * sssd-wbclient-1.16.1-150000.8.73.1 * sssd-wbclient-devel-1.16.1-150000.8.73.1 * libsss_idmap0-debuginfo-1.16.1-150000.8.73.1 * libipa_hbac0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp-devel-1.16.1-150000.8.73.1 * sssd-ldap-debuginfo-1.16.1-150000.8.73.1 * libsss_certmap0-1.16.1-150000.8.73.1 * sssd-krb5-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-debuginfo-1.16.1-150000.8.73.1 * sssd-krb5-common-1.16.1-150000.8.73.1 * libipa_hbac-devel-1.16.1-150000.8.73.1 * python3-sssd-config-debuginfo-1.16.1-150000.8.73.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * sssd-32bit-1.16.1-150000.8.73.1 * sssd-32bit-debuginfo-1.16.1-150000.8.73.1 * 
SUSE CaaS Platform 4.0 (x86_64) * libsss_idmap0-1.16.1-150000.8.73.1 * sssd-debugsource-1.16.1-150000.8.73.1 * sssd-dbus-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-1.16.1-150000.8.73.1 * sssd-dbus-1.16.1-150000.8.73.1 * sssd-32bit-1.16.1-150000.8.73.1 * sssd-32bit-debuginfo-1.16.1-150000.8.73.1 * sssd-krb5-1.16.1-150000.8.73.1 * sssd-tools-1.16.1-150000.8.73.1 * sssd-proxy-1.16.1-150000.8.73.1 * libsss_nss_idmap0-1.16.1-150000.8.73.1 * libsss_simpleifp0-1.16.1-150000.8.73.1 * sssd-krb5-common-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-1.16.1-150000.8.73.1 * sssd-debuginfo-1.16.1-150000.8.73.1 * python3-sssd-config-1.16.1-150000.8.73.1 * libsss_nss_idmap-devel-1.16.1-150000.8.73.1 * sssd-tools-debuginfo-1.16.1-150000.8.73.1 * sssd-ad-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-debuginfo-1.16.1-150000.8.73.1 * sssd-ldap-1.16.1-150000.8.73.1 * libsss_certmap0-debuginfo-1.16.1-150000.8.73.1 * libsss_idmap-devel-1.16.1-150000.8.73.1 * libsss_certmap-devel-1.16.1-150000.8.73.1 * libipa_hbac0-1.16.1-150000.8.73.1 * sssd-ad-1.16.1-150000.8.73.1 * libsss_nss_idmap0-debuginfo-1.16.1-150000.8.73.1 * sssd-wbclient-debuginfo-1.16.1-150000.8.73.1 * sssd-proxy-debuginfo-1.16.1-150000.8.73.1 * sssd-1.16.1-150000.8.73.1 * sssd-wbclient-1.16.1-150000.8.73.1 * sssd-wbclient-devel-1.16.1-150000.8.73.1 * libsss_idmap0-debuginfo-1.16.1-150000.8.73.1 * libipa_hbac0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp-devel-1.16.1-150000.8.73.1 * sssd-ldap-debuginfo-1.16.1-150000.8.73.1 * libsss_certmap0-1.16.1-150000.8.73.1 * sssd-krb5-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-debuginfo-1.16.1-150000.8.73.1 * sssd-krb5-common-1.16.1-150000.8.73.1 * libipa_hbac-devel-1.16.1-150000.8.73.1 * python3-sssd-config-debuginfo-1.16.1-150000.8.73.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsss_idmap0-1.16.1-150000.8.73.1 * sssd-debugsource-1.16.1-150000.8.73.1 * 
sssd-dbus-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-1.16.1-150000.8.73.1 * sssd-dbus-1.16.1-150000.8.73.1 * sssd-krb5-1.16.1-150000.8.73.1 * sssd-tools-1.16.1-150000.8.73.1 * sssd-proxy-1.16.1-150000.8.73.1 * libsss_nss_idmap0-1.16.1-150000.8.73.1 * libsss_simpleifp0-1.16.1-150000.8.73.1 * sssd-krb5-common-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-1.16.1-150000.8.73.1 * sssd-debuginfo-1.16.1-150000.8.73.1 * python3-sssd-config-1.16.1-150000.8.73.1 * libsss_nss_idmap-devel-1.16.1-150000.8.73.1 * sssd-tools-debuginfo-1.16.1-150000.8.73.1 * sssd-ad-debuginfo-1.16.1-150000.8.73.1 * sssd-ipa-debuginfo-1.16.1-150000.8.73.1 * sssd-ldap-1.16.1-150000.8.73.1 * libsss_certmap0-debuginfo-1.16.1-150000.8.73.1 * libsss_idmap-devel-1.16.1-150000.8.73.1 * libsss_certmap-devel-1.16.1-150000.8.73.1 * libipa_hbac0-1.16.1-150000.8.73.1 * sssd-ad-1.16.1-150000.8.73.1 * libsss_nss_idmap0-debuginfo-1.16.1-150000.8.73.1 * sssd-wbclient-debuginfo-1.16.1-150000.8.73.1 * sssd-proxy-debuginfo-1.16.1-150000.8.73.1 * sssd-1.16.1-150000.8.73.1 * sssd-wbclient-1.16.1-150000.8.73.1 * sssd-wbclient-devel-1.16.1-150000.8.73.1 * libsss_idmap0-debuginfo-1.16.1-150000.8.73.1 * libipa_hbac0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp0-debuginfo-1.16.1-150000.8.73.1 * libsss_simpleifp-devel-1.16.1-150000.8.73.1 * sssd-ldap-debuginfo-1.16.1-150000.8.73.1 * libsss_certmap0-1.16.1-150000.8.73.1 * sssd-krb5-debuginfo-1.16.1-150000.8.73.1 * sssd-winbind-idmap-debuginfo-1.16.1-150000.8.73.1 * sssd-krb5-common-1.16.1-150000.8.73.1 * libipa_hbac-devel-1.16.1-150000.8.73.1 * python3-sssd-config-debuginfo-1.16.1-150000.8.73.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * sssd-32bit-1.16.1-150000.8.73.1 * sssd-32bit-debuginfo-1.16.1-150000.8.73.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214434 
From sle-updates at lists.suse.com Tue Oct 24 16:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Oct 2023 16:30:27 -0000 Subject: SUSE-RU-2023:4180-1: important: Recommended update for sssd Message-ID: <169816502772.29027.14630297050566116978@smelt2.prg2.suse.org> # Recommended update for sssd Announcement ID: SUSE-RU-2023:4180-1 Rating: important References: * bsc#1214434 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update for sssd fixes the following issues: * LDAP password policy: return failure if there are no grace logins left (bsc#1214434) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4180=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4180=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4180=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libipa_hbac0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-1.16.1-150200.17.29.1 * libipa_hbac-devel-1.16.1-150200.17.29.1 * python3-sssd-config-1.16.1-150200.17.29.1 * libsss_certmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-1.16.1-150200.17.29.1 * sssd-winbind-idmap-1.16.1-150200.17.29.1 * libsss_idmap0-1.16.1-150200.17.29.1 * sssd-common-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-1.16.1-150200.17.29.1 * libsss_nss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-debuginfo-1.16.1-150200.17.29.1 * sssd-1.16.1-150200.17.29.1 * sssd-ldap-1.16.1-150200.17.29.1 * sssd-ad-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-1.16.1-150200.17.29.1 * sssd-ad-1.16.1-150200.17.29.1 * libipa_hbac0-1.16.1-150200.17.29.1 * libsss_nss_idmap-devel-1.16.1-150200.17.29.1 * sssd-tools-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap0-1.16.1-150200.17.29.1 * libsss_simpleifp0-1.16.1-150200.17.29.1 * sssd-winbind-idmap-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap-devel-1.16.1-150200.17.29.1 * libsss_nss_idmap0-1.16.1-150200.17.29.1 * python3-sssd-config-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-debuginfo-1.16.1-150200.17.29.1 * libsss_simpleifp-devel-1.16.1-150200.17.29.1 * sssd-debugsource-1.16.1-150200.17.29.1 * sssd-ldap-debuginfo-1.16.1-150200.17.29.1 * 
sssd-tools-1.16.1-150200.17.29.1 * sssd-common-1.16.1-150200.17.29.1 * libsss_simpleifp0-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap-devel-1.16.1-150200.17.29.1 * sssd-krb5-1.16.1-150200.17.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * sssd-common-32bit-1.16.1-150200.17.29.1 * sssd-common-32bit-debuginfo-1.16.1-150200.17.29.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libipa_hbac0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-1.16.1-150200.17.29.1 * libipa_hbac-devel-1.16.1-150200.17.29.1 * python3-sssd-config-1.16.1-150200.17.29.1 * libsss_certmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-1.16.1-150200.17.29.1 * sssd-winbind-idmap-1.16.1-150200.17.29.1 * libsss_idmap0-1.16.1-150200.17.29.1 * sssd-common-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-1.16.1-150200.17.29.1 * libsss_nss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-debuginfo-1.16.1-150200.17.29.1 * sssd-1.16.1-150200.17.29.1 * sssd-ldap-1.16.1-150200.17.29.1 * sssd-ad-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-1.16.1-150200.17.29.1 * sssd-ad-1.16.1-150200.17.29.1 * libipa_hbac0-1.16.1-150200.17.29.1 * libsss_nss_idmap-devel-1.16.1-150200.17.29.1 * sssd-tools-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap0-1.16.1-150200.17.29.1 * libsss_simpleifp0-1.16.1-150200.17.29.1 * sssd-winbind-idmap-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap-devel-1.16.1-150200.17.29.1 * libsss_nss_idmap0-1.16.1-150200.17.29.1 * python3-sssd-config-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-debuginfo-1.16.1-150200.17.29.1 * libsss_simpleifp-devel-1.16.1-150200.17.29.1 * sssd-debugsource-1.16.1-150200.17.29.1 * sssd-ldap-debuginfo-1.16.1-150200.17.29.1 * sssd-tools-1.16.1-150200.17.29.1 * sssd-common-1.16.1-150200.17.29.1 * 
libsss_simpleifp0-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap-devel-1.16.1-150200.17.29.1 * sssd-krb5-1.16.1-150200.17.29.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * sssd-common-32bit-1.16.1-150200.17.29.1 * sssd-common-32bit-debuginfo-1.16.1-150200.17.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libipa_hbac0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-common-1.16.1-150200.17.29.1 * libipa_hbac-devel-1.16.1-150200.17.29.1 * python3-sssd-config-1.16.1-150200.17.29.1 * libsss_certmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-1.16.1-150200.17.29.1 * sssd-winbind-idmap-1.16.1-150200.17.29.1 * libsss_idmap0-1.16.1-150200.17.29.1 * sssd-common-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-1.16.1-150200.17.29.1 * libsss_nss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-krb5-debuginfo-1.16.1-150200.17.29.1 * sssd-dbus-debuginfo-1.16.1-150200.17.29.1 * sssd-proxy-debuginfo-1.16.1-150200.17.29.1 * sssd-1.16.1-150200.17.29.1 * sssd-ldap-1.16.1-150200.17.29.1 * sssd-ad-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap0-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-1.16.1-150200.17.29.1 * sssd-ad-1.16.1-150200.17.29.1 * libipa_hbac0-1.16.1-150200.17.29.1 * libsss_nss_idmap-devel-1.16.1-150200.17.29.1 * sssd-tools-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap0-1.16.1-150200.17.29.1 * libsss_simpleifp0-1.16.1-150200.17.29.1 * sssd-winbind-idmap-debuginfo-1.16.1-150200.17.29.1 * libsss_certmap-devel-1.16.1-150200.17.29.1 * libsss_nss_idmap0-1.16.1-150200.17.29.1 * python3-sssd-config-debuginfo-1.16.1-150200.17.29.1 * sssd-ipa-debuginfo-1.16.1-150200.17.29.1 * libsss_simpleifp-devel-1.16.1-150200.17.29.1 * sssd-debugsource-1.16.1-150200.17.29.1 * sssd-ldap-debuginfo-1.16.1-150200.17.29.1 * sssd-tools-1.16.1-150200.17.29.1 * sssd-common-1.16.1-150200.17.29.1 * libsss_simpleifp0-debuginfo-1.16.1-150200.17.29.1 * libsss_idmap-devel-1.16.1-150200.17.29.1 * 
sssd-krb5-1.16.1-150200.17.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * sssd-common-32bit-1.16.1-150200.17.29.1 * sssd-common-32bit-debuginfo-1.16.1-150200.17.29.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1214434

From sle-updates at lists.suse.com Tue Oct 24 16:30:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Oct 2023 16:30:30 -0000
Subject: SUSE-RU-2023:4179-1: important: Recommended update for sssd
Message-ID: <169816503074.29027.13764339432685208712@smelt2.prg2.suse.org>

# Recommended update for sssd

Announcement ID: SUSE-RU-2023:4179-1
Rating: important
References:

* bsc#1214434

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has one fix can now be installed.

## Description:

This update for sssd fixes the following issues:

* LDAP password policy: return failure if there are no grace logins left (bsc#1214434)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4179=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4179=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4179=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4179=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4179=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4179=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4179=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4179=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4179=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4179=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4179=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4179=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * sssd-wbclient-1.16.1-150300.23.40.1 *
python3-sss-murmur-1.16.1-150300.23.40.1 * libnfsidmap-sss-debuginfo-1.16.1-150300.23.40.1 * libnfsidmap-sss-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * python3-sss_nss_idmap-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-wbclient-debuginfo-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-ipa_hbac-debuginfo-1.16.1-150300.23.40.1 * python3-ipa_hbac-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-wbclient-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * python3-sss-murmur-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * python3-sss_nss_idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * openSUSE Leap 15.3 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * openSUSE Leap 15.3 (aarch64_ilp32) * sssd-common-64bit-debuginfo-1.16.1-150300.23.40.1 * sssd-common-64bit-1.16.1-150300.23.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * 
sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * 
sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * 
sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * 
sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Manager Proxy 4.2 (x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * 
sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * 
libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * 
libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Manager Server 4.2 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsss_nss_idmap-devel-1.16.1-150300.23.40.1 * libsss_idmap-devel-1.16.1-150300.23.40.1 * sssd-ipa-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libipa_hbac0-debuginfo-1.16.1-150300.23.40.1 * sssd-tools-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-debuginfo-1.16.1-150300.23.40.1 * sssd-proxy-1.16.1-150300.23.40.1 * sssd-dbus-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * libsss_simpleifp0-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * libipa_hbac-devel-1.16.1-150300.23.40.1 * libipa_hbac0-1.16.1-150300.23.40.1 * sssd-ad-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-1.16.1-150300.23.40.1 * sssd-dbus-1.16.1-150300.23.40.1 * 
python3-sssd-config-debuginfo-1.16.1-150300.23.40.1 * sssd-ad-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * sssd-tools-1.16.1-150300.23.40.1 * sssd-ipa-1.16.1-150300.23.40.1 * python3-sssd-config-1.16.1-150300.23.40.1 * libsss_simpleifp0-debuginfo-1.16.1-150300.23.40.1 * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-proxy-debuginfo-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap-devel-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-winbind-idmap-1.16.1-150300.23.40.1 * libsss_simpleifp-devel-1.16.1-150300.23.40.1 * sssd-winbind-idmap-debuginfo-1.16.1-150300.23.40.1 * SUSE Enterprise Storage 7.1 (x86_64) * sssd-common-32bit-1.16.1-150300.23.40.1 * sssd-common-32bit-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * 
libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsss_nss_idmap0-1.16.1-150300.23.40.1 * sssd-ldap-1.16.1-150300.23.40.1 * sssd-common-1.16.1-150300.23.40.1 * libsss_nss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-debugsource-1.16.1-150300.23.40.1 * sssd-krb5-common-debuginfo-1.16.1-150300.23.40.1 * sssd-ldap-debuginfo-1.16.1-150300.23.40.1 * libsss_idmap0-1.16.1-150300.23.40.1 * sssd-1.16.1-150300.23.40.1 * libsss_certmap0-1.16.1-150300.23.40.1 * libsss_idmap0-debuginfo-1.16.1-150300.23.40.1 * sssd-krb5-common-1.16.1-150300.23.40.1 * sssd-common-debuginfo-1.16.1-150300.23.40.1 * libsss_certmap0-debuginfo-1.16.1-150300.23.40.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1214434

From sle-updates at lists.suse.com Tue Oct 24 16:30:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Oct 2023 16:30:33 -0000
Subject: SUSE-RU-2023:4178-1: important: Recommended update for sssd
Message-ID: <169816503372.29027.1337459441341343959@smelt2.prg2.suse.org>

# Recommended update for sssd

Announcement ID: SUSE-RU-2023:4178-1
Rating: important
References:

* bsc#1214434

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update for sssd fixes the following issues:

* LDAP password policy: return failure if there are no grace logins left (bsc#1214434)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4178=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4178=1 openSUSE-SLE-15.4-2023-4178=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4178=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4178=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4178=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4178=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4178=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4178=1

## Package List:

* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sssd-ipa-debuginfo-2.5.2-150400.4.17.1 * sssd-krb5-common-2.5.2-150400.4.17.1 * python3-sssd-config-2.5.2-150400.4.17.1 * libipa_hbac-devel-2.5.2-150400.4.17.1 * sssd-kcm-2.5.2-150400.4.17.1 * sssd-winbind-idmap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-winbind-idmap-2.5.2-150400.4.17.1 * libsss_simpleifp-devel-2.5.2-150400.4.17.1 * libipa_hbac0-2.5.2-150400.4.17.1 * sssd-ipa-2.5.2-150400.4.17.1 * sssd-krb5-2.5.2-150400.4.17.1 * sssd-tools-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * libsss_nss_idmap-devel-2.5.2-150400.4.17.1 * libsss_certmap-devel-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * libsss_simpleifp0-2.5.2-150400.4.17.1 *
sssd-proxy-2.5.2-150400.4.17.1 * sssd-tools-2.5.2-150400.4.17.1 * libsss_simpleifp0-debuginfo-2.5.2-150400.4.17.1 * sssd-dbus-2.5.2-150400.4.17.1 * libipa_hbac0-debuginfo-2.5.2-150400.4.17.1 * sssd-ad-debuginfo-2.5.2-150400.4.17.1 * sssd-krb5-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * python3-sssd-config-debuginfo-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * sssd-proxy-debuginfo-2.5.2-150400.4.17.1 * sssd-kcm-debuginfo-2.5.2-150400.4.17.1 * sssd-ad-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * sssd-dbus-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap-devel-2.5.2-150400.4.17.1 * Basesystem Module 15-SP4 (x86_64) * sssd-common-32bit-debuginfo-2.5.2-150400.4.17.1 * sssd-common-32bit-2.5.2-150400.4.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * sssd-ipa-debuginfo-2.5.2-150400.4.17.1 * sssd-krb5-common-2.5.2-150400.4.17.1 * python3-sssd-config-2.5.2-150400.4.17.1 * libipa_hbac-devel-2.5.2-150400.4.17.1 * sssd-kcm-2.5.2-150400.4.17.1 * sssd-winbind-idmap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * python3-sss-murmur-debuginfo-2.5.2-150400.4.17.1 * sssd-winbind-idmap-2.5.2-150400.4.17.1 * libsss_simpleifp-devel-2.5.2-150400.4.17.1 * libipa_hbac0-2.5.2-150400.4.17.1 * sssd-ipa-2.5.2-150400.4.17.1 * sssd-krb5-2.5.2-150400.4.17.1 * sssd-tools-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * libsss_nss_idmap-devel-2.5.2-150400.4.17.1 * python3-sss_nss_idmap-2.5.2-150400.4.17.1 * libsss_certmap-devel-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * libsss_simpleifp0-2.5.2-150400.4.17.1 * python3-sss-murmur-2.5.2-150400.4.17.1 * sssd-proxy-2.5.2-150400.4.17.1 * 
libsss_simpleifp0-debuginfo-2.5.2-150400.4.17.1 * sssd-tools-2.5.2-150400.4.17.1 * sssd-dbus-2.5.2-150400.4.17.1 * libipa_hbac0-debuginfo-2.5.2-150400.4.17.1 * sssd-ad-debuginfo-2.5.2-150400.4.17.1 * python3-ipa_hbac-debuginfo-2.5.2-150400.4.17.1 * libnfsidmap-sss-debuginfo-2.5.2-150400.4.17.1 * libnfsidmap-sss-2.5.2-150400.4.17.1 * sssd-krb5-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * python3-sssd-config-debuginfo-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * sssd-proxy-debuginfo-2.5.2-150400.4.17.1 * sssd-kcm-debuginfo-2.5.2-150400.4.17.1 * sssd-ad-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * sssd-dbus-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * python3-ipa_hbac-2.5.2-150400.4.17.1 * libsss_idmap-devel-2.5.2-150400.4.17.1 * python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.17.1 * openSUSE Leap 15.4 (x86_64) * sssd-common-32bit-debuginfo-2.5.2-150400.4.17.1 * sssd-common-32bit-2.5.2-150400.4.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * sssd-common-64bit-2.5.2-150400.4.17.1 * sssd-common-64bit-debuginfo-2.5.2-150400.4.17.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * 
sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * 
libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sssd-krb5-common-2.5.2-150400.4.17.1 * libsss_idmap0-2.5.2-150400.4.17.1 * sssd-2.5.2-150400.4.17.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-common-debuginfo-2.5.2-150400.4.17.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.17.1 * libsss_nss_idmap0-2.5.2-150400.4.17.1 * sssd-ldap-2.5.2-150400.4.17.1 * sssd-common-2.5.2-150400.4.17.1 * sssd-ldap-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.17.1 * sssd-debugsource-2.5.2-150400.4.17.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.17.1 * libsss_certmap0-2.5.2-150400.4.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214434 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Tue Oct 24 16:30:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Oct 2023 16:30:35 -0000
Subject: SUSE-RU-2023:4177-1: important: Recommended update for sssd
Message-ID: <169816503581.29027.13929958255186425226@smelt2.prg2.suse.org>

# Recommended update for sssd

Announcement ID: SUSE-RU-2023:4177-1
Rating: important
References:

* bsc#1214434

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has one fix can now be installed.

## Description:

This update for sssd fixes the following issues:

* LDAP password policy: return failure if there are no grace logins left (bsc#1214434)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4177=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4177=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4177=1 openSUSE-SLE-15.5-2023-4177=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * sssd-2.5.2-150500.10.6.1 * libsss_nss_idmap0-debuginfo-2.5.2-150500.10.6.1 * libsss_certmap0-2.5.2-150500.10.6.1 * libsss_certmap0-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-common-debuginfo-2.5.2-150500.10.6.1 * sssd-ldap-debuginfo-2.5.2-150500.10.6.1 * sssd-common-2.5.2-150500.10.6.1 * libsss_nss_idmap0-2.5.2-150500.10.6.1 * sssd-common-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-common-2.5.2-150500.10.6.1 * sssd-ldap-2.5.2-150500.10.6.1 * libsss_idmap0-2.5.2-150500.10.6.1 * sssd-debugsource-2.5.2-150500.10.6.1 * libsss_idmap0-debuginfo-2.5.2-150500.10.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsss_simpleifp-devel-2.5.2-150500.10.6.1 * libsss_certmap-devel-2.5.2-150500.10.6.1 * sssd-ldap-2.5.2-150500.10.6.1 * python3-sssd-config-2.5.2-150500.10.6.1 * sssd-krb5-debuginfo-2.5.2-150500.10.6.1 * libsss_idmap0-debuginfo-2.5.2-150500.10.6.1 * python3-sssd-config-debuginfo-2.5.2-150500.10.6.1 * libsss_simpleifp0-2.5.2-150500.10.6.1 * sssd-2.5.2-150500.10.6.1 * libsss_nss_idmap0-debuginfo-2.5.2-150500.10.6.1 * sssd-ad-2.5.2-150500.10.6.1 * sssd-tools-debuginfo-2.5.2-150500.10.6.1 * sssd-ldap-debuginfo-2.5.2-150500.10.6.1 * sssd-kcm-debuginfo-2.5.2-150500.10.6.1 * sssd-common-2.5.2-150500.10.6.1 * libipa_hbac0-2.5.2-150500.10.6.1 * sssd-common-debuginfo-2.5.2-150500.10.6.1 * sssd-tools-2.5.2-150500.10.6.1 * sssd-ad-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-2.5.2-150500.10.6.1 * libsss_simpleifp0-debuginfo-2.5.2-150500.10.6.1 * libipa_hbac0-debuginfo-2.5.2-150500.10.6.1 * libsss_certmap0-2.5.2-150500.10.6.1 * sssd-krb5-common-debuginfo-2.5.2-150500.10.6.1 * 
sssd-proxy-2.5.2-150500.10.6.1 * libipa_hbac-devel-2.5.2-150500.10.6.1 * libsss_nss_idmap0-2.5.2-150500.10.6.1 * sssd-kcm-2.5.2-150500.10.6.1 * libsss_idmap-devel-2.5.2-150500.10.6.1 * sssd-winbind-idmap-debuginfo-2.5.2-150500.10.6.1 * sssd-ipa-2.5.2-150500.10.6.1 * sssd-dbus-debuginfo-2.5.2-150500.10.6.1 * sssd-ipa-debuginfo-2.5.2-150500.10.6.1 * libsss_certmap0-debuginfo-2.5.2-150500.10.6.1 * sssd-dbus-2.5.2-150500.10.6.1 * sssd-proxy-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-common-2.5.2-150500.10.6.1 * libsss_idmap0-2.5.2-150500.10.6.1 * sssd-debugsource-2.5.2-150500.10.6.1 * libsss_nss_idmap-devel-2.5.2-150500.10.6.1 * sssd-winbind-idmap-2.5.2-150500.10.6.1 * Basesystem Module 15-SP5 (x86_64) * sssd-common-32bit-2.5.2-150500.10.6.1 * sssd-common-32bit-debuginfo-2.5.2-150500.10.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libnfsidmap-sss-debuginfo-2.5.2-150500.10.6.1 * libsss_simpleifp-devel-2.5.2-150500.10.6.1 * libsss_certmap-devel-2.5.2-150500.10.6.1 * python3-sss-murmur-2.5.2-150500.10.6.1 * sssd-ldap-2.5.2-150500.10.6.1 * python3-sssd-config-2.5.2-150500.10.6.1 * sssd-krb5-debuginfo-2.5.2-150500.10.6.1 * libsss_idmap0-debuginfo-2.5.2-150500.10.6.1 * python3-sssd-config-debuginfo-2.5.2-150500.10.6.1 * libnfsidmap-sss-2.5.2-150500.10.6.1 * libsss_simpleifp0-2.5.2-150500.10.6.1 * sssd-2.5.2-150500.10.6.1 * libsss_nss_idmap0-debuginfo-2.5.2-150500.10.6.1 * sssd-ad-2.5.2-150500.10.6.1 * sssd-tools-debuginfo-2.5.2-150500.10.6.1 * python3-ipa_hbac-debuginfo-2.5.2-150500.10.6.1 * sssd-kcm-debuginfo-2.5.2-150500.10.6.1 * sssd-ldap-debuginfo-2.5.2-150500.10.6.1 * sssd-common-2.5.2-150500.10.6.1 * libipa_hbac0-2.5.2-150500.10.6.1 * sssd-common-debuginfo-2.5.2-150500.10.6.1 * sssd-tools-2.5.2-150500.10.6.1 * sssd-ad-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-2.5.2-150500.10.6.1 * libsss_simpleifp0-debuginfo-2.5.2-150500.10.6.1 * libipa_hbac0-debuginfo-2.5.2-150500.10.6.1 * python3-sss-murmur-debuginfo-2.5.2-150500.10.6.1 * 
libsss_certmap0-2.5.2-150500.10.6.1 * sssd-krb5-common-debuginfo-2.5.2-150500.10.6.1 * sssd-proxy-2.5.2-150500.10.6.1 * libipa_hbac-devel-2.5.2-150500.10.6.1 * libsss_nss_idmap0-2.5.2-150500.10.6.1 * sssd-kcm-2.5.2-150500.10.6.1 * libsss_idmap-devel-2.5.2-150500.10.6.1 * sssd-winbind-idmap-debuginfo-2.5.2-150500.10.6.1 * python3-sss_nss_idmap-debuginfo-2.5.2-150500.10.6.1 * sssd-ipa-2.5.2-150500.10.6.1 * python3-sss_nss_idmap-2.5.2-150500.10.6.1 * sssd-dbus-debuginfo-2.5.2-150500.10.6.1 * sssd-ipa-debuginfo-2.5.2-150500.10.6.1 * libsss_certmap0-debuginfo-2.5.2-150500.10.6.1 * python3-ipa_hbac-2.5.2-150500.10.6.1 * sssd-dbus-2.5.2-150500.10.6.1 * sssd-proxy-debuginfo-2.5.2-150500.10.6.1 * sssd-krb5-common-2.5.2-150500.10.6.1 * libsss_idmap0-2.5.2-150500.10.6.1 * sssd-debugsource-2.5.2-150500.10.6.1 * libsss_nss_idmap-devel-2.5.2-150500.10.6.1 * sssd-winbind-idmap-2.5.2-150500.10.6.1 * openSUSE Leap 15.5 (x86_64) * sssd-common-32bit-2.5.2-150500.10.6.1 * sssd-common-32bit-debuginfo-2.5.2-150500.10.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * sssd-common-64bit-debuginfo-2.5.2-150500.10.6.1 * sssd-common-64bit-2.5.2-150500.10.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214434 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Tue Oct 24 16:30:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Oct 2023 16:30:38 -0000
Subject: SUSE-SU-2023:4176-1: important: Security update for ruby2.5
Message-ID: <169816503846.29027.6174781264484780091@smelt2.prg2.suse.org>

# Security update for ruby2.5

Announcement ID: SUSE-SU-2023:4176-1
Rating: important
References:

* bsc#1193035
* bsc#1205726
* bsc#1209891
* bsc#1209967

Cross-References:

* CVE-2021-33621
* CVE-2021-41817
* CVE-2023-28755
* CVE-2023-28756

CVSS scores:

* CVE-2021-33621 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2021-33621 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-41817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-41817 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28755 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-28755 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-28756 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28756 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for ruby2.5 fixes the following issues:

* CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891)
* CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967)
* CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035)
* CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4176=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4176=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4176=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4176=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4176=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4176=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4176=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4176=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4176=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4176=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4176=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4176=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4176=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4176=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4176=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4176=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4176=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch
SUSE-Storage-7.1-2023-4176=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-doc-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * openSUSE Leap 15.4 (noarch) * ruby2.5-doc-ri-2.5.9-150000.4.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-doc-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * openSUSE Leap 15.5 (noarch) * ruby2.5-doc-ri-2.5.9-150000.4.29.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * 
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * 
ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * 
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Manager Proxy 4.2 (x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * 
ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 * SUSE CaaS Platform 4.0 (x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.29.1 * ruby2.5-devel-2.5.9-150000.4.29.1 * libruby2_5-2_5-2.5.9-150000.4.29.1 * ruby2.5-stdlib-2.5.9-150000.4.29.1 * ruby2.5-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-debugsource-2.5.9-150000.4.29.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.29.1 * ruby2.5-2.5.9-150000.4.29.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.29.1 ## References: * https://www.suse.com/security/cve/CVE-2021-33621.html * https://www.suse.com/security/cve/CVE-2021-41817.html * https://www.suse.com/security/cve/CVE-2023-28755.html * https://www.suse.com/security/cve/CVE-2023-28756.html * https://bugzilla.suse.com/show_bug.cgi?id=1193035 * https://bugzilla.suse.com/show_bug.cgi?id=1205726 * https://bugzilla.suse.com/show_bug.cgi?id=1209891 * https://bugzilla.suse.com/show_bug.cgi?id=1209967 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Oct 25 07:01:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 09:01:55 +0200 (CEST) Subject: SUSE-CU-2023:3540-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231025070155.063F5F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3540-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.241 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.241 Severity : moderate Type : recommended References : 1107342 1215215 1215434 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:

This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- glibc-2.31-150300.63.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libudev1-249.16-150400.8.35.5 updated
- openssl-1_1-1.1.1l-150400.7.57.1 updated
- rpm-ndb-4.14.3-150400.59.3.1 updated
- container:sles15-image-15.0.0-27.14.111 updated

From sle-updates at lists.suse.com Wed Oct 25 07:02:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Oct 2023 09:02:04 +0200 (CEST)
Subject: SUSE-CU-2023:3541-1: Recommended update of suse/sle-micro/5.5/toolbox
Message-ID: <20231025070204.D7F83F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3541-1
Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.83 , suse/sle-micro/5.5/toolbox:latest
Container Release : 2.2.83
Severity : moderate
Type : recommended
References : 1107342 1215215 1215434
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- glibc-2.31-150300.63.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libudev1-249.16-150400.8.35.5 updated
- openssl-1_1-1.1.1l-150500.17.19.1 updated
- container:sles15-image-15.0.0-36.5.47 updated

From sle-updates at lists.suse.com Wed Oct 25 07:02:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Oct 2023 09:02:34 +0200 (CEST)
Subject: SUSE-CU-2023:3542-1: Security update of bci/openjdk
Message-ID: <20231025070234.B28DAF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3542-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-11.23
Container Release : 11.23
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- container:sles15-image-15.0.0-36.5.48 updated

From sle-updates at lists.suse.com Wed Oct 25 08:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Oct 2023 08:30:02 -0000
Subject: SUSE-RU-2023:4191-1: moderate: Recommended update for yast2-iscsi-client
Message-ID: <169822260269.18846.13304943561209414153@smelt2.prg2.suse.org>

# Recommended update for yast2-iscsi-client

Announcement ID: SUSE-RU-2023:4191-1
Rating: moderate
References:

* bsc#1214273

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has one fix can now be installed.

## Description:

This update for yast2-iscsi-client fixes the following issues:

* Fix ruby error during the launch of yast iSCSI initiator setup (bsc#1214273)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4191=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4191=1 openSUSE-SLE-15.5-2023-4191=1

## Package List:

* Basesystem Module 15-SP5 (noarch)
  * yast2-iscsi-client-4.5.8-150500.3.3.1
* openSUSE Leap 15.5 (noarch)
  * yast2-iscsi-client-4.5.8-150500.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1214273
From sle-updates at lists.suse.com Wed Oct 25 08:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Oct 2023 08:30:06 -0000
Subject: SUSE-SU-2023:4190-1: important: Security update for openssl-3
Message-ID: <169822260669.18846.1006092588201752609@smelt2.prg2.suse.org>

# Security update for openssl-3

Announcement ID: SUSE-SU-2023:4190-1
Rating: important
References:

* bsc#1213853
* bsc#1216163

Cross-References:

* CVE-2023-3817
* CVE-2023-5363

CVSS scores:

* CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-5363 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163)
* CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4190=1 openSUSE-SLE-15.5-2023-4190=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4190=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-3.0.8-150500.5.14.1 * openssl-3-debugsource-3.0.8-150500.5.14.1 * openssl-3-debuginfo-3.0.8-150500.5.14.1 * openssl-3-3.0.8-150500.5.14.1 * libopenssl-3-devel-3.0.8-150500.5.14.1 * libopenssl3-debuginfo-3.0.8-150500.5.14.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.14.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.14.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.14.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.14.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.14.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.14.1 * libopenssl3-64bit-3.0.8-150500.5.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150500.5.14.1 * openssl-3-debugsource-3.0.8-150500.5.14.1 * openssl-3-debuginfo-3.0.8-150500.5.14.1 * openssl-3-3.0.8-150500.5.14.1 * libopenssl-3-devel-3.0.8-150500.5.14.1 * libopenssl3-debuginfo-3.0.8-150500.5.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://www.suse.com/security/cve/CVE-2023-5363.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 * https://bugzilla.suse.com/show_bug.cgi?id=1216163
From sle-updates at lists.suse.com Wed Oct 25 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 08:30:09 -0000 Subject: SUSE-SU-2023:4189-1: important: Security update for openssl-3 Message-ID: <169822260922.18846.6824164727748372671@smelt2.prg2.suse.org> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:4189-1 Rating: important References: * bsc#1213853 * bsc#1216163 Cross-References: * CVE-2023-3817 * CVE-2023-5363 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5363 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163) * CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4189=1 openSUSE-SLE-15.4-2023-4189=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4189=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4189=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4189=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4189=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4189=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4189=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4189=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150400.4.37.1 * libopenssl-3-devel-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debuginfo-3.0.8-150400.4.37.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-32bit-3.0.8-150400.4.37.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.37.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.37.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl-3-devel-64bit-3.0.8-150400.4.37.1 * libopenssl3-64bit-3.0.8-150400.4.37.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.37.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * 
openssl-3-debugsource-3.0.8-150400.4.37.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.37.1 * libopenssl-3-devel-3.0.8-150400.4.37.1 * openssl-3-debugsource-3.0.8-150400.4.37.1 * libopenssl3-debuginfo-3.0.8-150400.4.37.1 * libopenssl3-3.0.8-150400.4.37.1 * openssl-3-debuginfo-3.0.8-150400.4.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://www.suse.com/security/cve/CVE-2023-5363.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 * https://bugzilla.suse.com/show_bug.cgi?id=1216163 From sle-updates at lists.suse.com Wed Oct 25 11:29:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:29:54 +0200 (CEST) Subject: SUSE-CU-2023:3544-1: Security update of suse/git Message-ID: <20231025112954.B18B6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3544-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.10 , suse/git:latest Container Release : 4.10 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215891 CVE-2023-4039 CVE-2023-4813 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. 
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - glibc-2.31-150300.63.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:micro-image-15.5.0-12.3 updated From sle-updates at lists.suse.com Wed Oct 25 11:29:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:29:51 +0200 (CEST) Subject: SUSE-CU-2023:3543-1: Security update of suse/registry Message-ID: <20231025112951.0BF42F417@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3543-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.9 , suse/registry:latest Container Release : 15.9 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215891 CVE-2023-4039 CVE-2023-4813 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. 
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - glibc-2.31-150300.63.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - container:micro-image-15.5.0-12.3 updated From sle-updates at lists.suse.com Wed Oct 25 11:30:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:30:00 +0200 (CEST) Subject: SUSE-CU-2023:3545-1: Security update of bci/golang Message-ID: <20231025113000.0D001F417@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3545-1 Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.24 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.24 Container Release : 7.24 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. 
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libatomic1-13.2.1+git7813-150000.1.3.3 updated - libgomp1-13.2.1+git7813-150000.1.3.3 updated - libitm1-13.2.1+git7813-150000.1.3.3 updated - liblsan0-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Wed Oct 25 11:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:30:02 +0200 (CEST) Subject: SUSE-CU-2023:3546-1: Security update of suse/helm Message-ID: <20231025113002.D7AC6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3546-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.9 , suse/helm:latest Container Release : 3.9 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. 
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:micro-image-15.5.0-12.3 updated From sle-updates at lists.suse.com Wed Oct 25 11:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:30:09 +0200 (CEST) Subject: SUSE-CU-2023:3547-1: Security update of suse/nginx Message-ID: <20231025113009.72356F417@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3547-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.20 , suse/nginx:latest Container Release : 5.20 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. 
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. 
- Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Wed Oct 25 11:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:30:25 +0200 (CEST) Subject: SUSE-CU-2023:3548-1: Security update of bci/nodejs Message-ID: <20231025113025.574C8F417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3548-1 Container Tags : bci/node:18 , bci/node:18-11.22 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.22 , bci/nodejs:latest Container Release : 11.22 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. 
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.48 updated From sle-updates at lists.suse.com Wed Oct 25 11:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:30:57 +0200 (CEST) Subject: SUSE-CU-2023:3549-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231025113057.CC7C6F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3549-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.480 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.480 Severity : important Type : security References : 1107342 1205767 1207853 1210335 1215434 CVE-2023-1829 CVE-2023-23559 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-2.31-150300.63.1 updated - suse-module-tools-15.3.17-150300.3.22.1 updated - container:sles15-image-15.0.0-17.20.199 updated From sle-updates at lists.suse.com Wed Oct 25 11:31:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Oct 2023 13:31:24 +0200 (CEST) Subject: SUSE-CU-2023:3550-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231025113124.F3320F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3550-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.302 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.302 Severity : important Type : security References : 1107342 1205767 1207853 1210335 1215434 CVE-2023-1829 CVE-2023-23559 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-2.31-150300.63.1 updated - suse-module-tools-15.3.17-150300.3.22.1 updated - container:sles15-image-15.0.0-17.20.199 updated From sle-updates at lists.suse.com Thu Oct 26 08:40:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:01 -0000 Subject: SUSE-SU-2023:4204-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <169830960189.4322.8496355425503264289@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4204-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_136 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4204=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_136-default-12-2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 From sle-updates at lists.suse.com Thu Oct 26 08:40:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:04 -0000 Subject: SUSE-RU-2023:4206-1: important: Recommended update for openslp Message-ID: <169830960424.4322.8258671701101996738@smelt2.prg2.suse.org> # Recommended update for openslp Announcement ID: SUSE-RU-2023:4206-1 Rating: important References: * bsc#1206153 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for openslp fixes the following issues: * Use systemctl reload for logrotate configuration (bsc#1206153) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4206=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4206=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4206=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4206=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openslp-debuginfo-2.0.0-24.5.2 * openslp-devel-2.0.0-24.5.2 * openslp-debugsource-2.0.0-24.5.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openslp-debugsource-2.0.0-24.5.2 * openslp-2.0.0-24.5.2 * openslp-server-2.0.0-24.5.2 * openslp-debuginfo-2.0.0-24.5.2 * openslp-server-debuginfo-2.0.0-24.5.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * openslp-32bit-2.0.0-24.5.2 * openslp-debuginfo-32bit-2.0.0-24.5.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openslp-debugsource-2.0.0-24.5.2 * openslp-2.0.0-24.5.2 * openslp-server-2.0.0-24.5.2 * openslp-debuginfo-2.0.0-24.5.2 * openslp-server-debuginfo-2.0.0-24.5.2 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * openslp-32bit-2.0.0-24.5.2 * openslp-debuginfo-32bit-2.0.0-24.5.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openslp-debugsource-2.0.0-24.5.2 * openslp-2.0.0-24.5.2 * openslp-server-2.0.0-24.5.2 * openslp-debuginfo-2.0.0-24.5.2 * openslp-server-debuginfo-2.0.0-24.5.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * openslp-32bit-2.0.0-24.5.2 * openslp-debuginfo-32bit-2.0.0-24.5.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206153 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Thu Oct 26 08:40:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:06 -0000 Subject: SUSE-RU-2023:4205-1: moderate: Recommended update for patterns-sles Message-ID: <169830960607.4322.10547466729277024391@smelt2.prg2.suse.org> # Recommended update for patterns-sles Announcement ID: SUSE-RU-2023:4205-1 Rating: moderate References: * bsc#1215533 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for patterns-sles fixes the following issues: * Require kmod-compat rather than kmod. It's kmod-compat that has the tools used by the kernel and scripts (bsc#1215533). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4205=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4205=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4205=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * patterns-sles-printing-12-12.12.1 * patterns-sles-Basis-Devel-12-12.12.1 * patterns-sles-WBEM-12-12.12.1 * patterns-sles-mail_server-12-12.12.1 * patterns-sles-kvm_tools-12-12.12.1 * patterns-sles-base-12-12.12.1 * patterns-sles-gateway_server-12-12.12.1 * patterns-sles-lamp_server-12-12.12.1 * patterns-sles-dhcp_dns_server-12-12.12.1 * patterns-sles-x11-12-12.12.1 * patterns-sles-Minimal-12-12.12.1 * patterns-sles-directory_server-12-12.12.1 * patterns-sles-file_server-12-12.12.1 * patterns-sles-yast2-12-12.12.1 * 
patterns-sles-kvm_server-12-12.12.1 * patterns-sles-ofed-12-12.12.1 * patterns-sles-apparmor-12-12.12.1 * patterns-sles-documentation-12-12.12.1 * patterns-sles-fips-12-12.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * patterns-sles-fips-32bit-12-12.12.1 * patterns-sles-yast2-32bit-12-12.12.1 * patterns-sles-xen_server-12-12.12.1 * patterns-sles-directory_server-32bit-12-12.12.1 * patterns-sles-oracle_server-32bit-12-12.12.1 * patterns-sles-apparmor-32bit-12-12.12.1 * patterns-sles-xen_tools-12-12.12.1 * patterns-sles-sap_server-32bit-12-12.12.1 * patterns-sles-mail_server-32bit-12-12.12.1 * patterns-sles-x11-32bit-12-12.12.1 * patterns-sles-laptop-32bit-12-12.12.1 * patterns-sles-32bit-12-12.12.1 * patterns-sles-file_server-32bit-12-12.12.1 * patterns-sles-WBEM-32bit-12-12.12.1 * patterns-sles-Basis-Devel-32bit-12-12.12.1 * patterns-sles-printing-32bit-12-12.12.1 * patterns-sles-oracle_server-12-12.12.1 * patterns-sles-ofed-32bit-12-12.12.1 * patterns-sles-Minimal-32bit-12-12.12.1 * patterns-sles-dhcp_dns_server-32bit-12-12.12.1 * patterns-sles-xen_tools-32bit-12-12.12.1 * patterns-sles-kvm_tools-32bit-12-12.12.1 * patterns-sles-gateway_server-32bit-12-12.12.1 * patterns-sles-kvm_server-32bit-12-12.12.1 * patterns-sles-documentation-32bit-12-12.12.1 * patterns-sles-sap_server-12-12.12.1 * patterns-sles-base-32bit-12-12.12.1 * patterns-sles-lamp_server-32bit-12-12.12.1 * patterns-sles-xen_server-32bit-12-12.12.1 * patterns-sles-laptop-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * patterns-sles-printing-12-12.12.1 * patterns-sles-Basis-Devel-12-12.12.1 * patterns-sles-WBEM-12-12.12.1 * patterns-sles-mail_server-12-12.12.1 * patterns-sles-base-12-12.12.1 * patterns-sles-gateway_server-12-12.12.1 * patterns-sles-lamp_server-12-12.12.1 * patterns-sles-dhcp_dns_server-12-12.12.1 * patterns-sles-x11-12-12.12.1 * patterns-sles-Minimal-12-12.12.1 * patterns-sles-directory_server-12-12.12.1 * 
patterns-sles-file_server-12-12.12.1 * patterns-sles-yast2-12-12.12.1 * patterns-sles-ofed-12-12.12.1 * patterns-sles-apparmor-12-12.12.1 * patterns-sles-documentation-12-12.12.1 * patterns-sles-fips-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 s390x x86_64) * patterns-sles-kvm_server-12-12.12.1 * patterns-sles-kvm_tools-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * patterns-sles-sap_server-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * patterns-sles-fips-32bit-12-12.12.1 * patterns-sles-directory_server-32bit-12-12.12.1 * patterns-sles-oracle_server-32bit-12-12.12.1 * patterns-sles-apparmor-32bit-12-12.12.1 * patterns-sles-sap_server-32bit-12-12.12.1 * patterns-sles-mail_server-32bit-12-12.12.1 * patterns-sles-x11-32bit-12-12.12.1 * patterns-sles-laptop-32bit-12-12.12.1 * patterns-sles-32bit-12-12.12.1 * patterns-sles-file_server-32bit-12-12.12.1 * patterns-sles-WBEM-32bit-12-12.12.1 * patterns-sles-Basis-Devel-32bit-12-12.12.1 * patterns-sles-printing-32bit-12-12.12.1 * patterns-sles-oracle_server-12-12.12.1 * patterns-sles-ofed-32bit-12-12.12.1 * patterns-sles-Minimal-32bit-12-12.12.1 * patterns-sles-dhcp_dns_server-32bit-12-12.12.1 * patterns-sles-kvm_tools-32bit-12-12.12.1 * patterns-sles-gateway_server-32bit-12-12.12.1 * patterns-sles-kvm_server-32bit-12-12.12.1 * patterns-sles-documentation-32bit-12-12.12.1 * patterns-sles-base-32bit-12-12.12.1 * patterns-sles-lamp_server-32bit-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * patterns-sles-hwcrypto-32bit-12-12.12.1 * patterns-sles-hwcrypto-12-12.12.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * patterns-sles-yast2-32bit-12-12.12.1 * patterns-sles-xen_server-12-12.12.1 * patterns-sles-xen_tools-12-12.12.1 * patterns-sles-xen_tools-32bit-12-12.12.1 * patterns-sles-xen_server-32bit-12-12.12.1 * patterns-sles-laptop-12-12.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * patterns-sles-printing-12-12.12.1 * 
patterns-sles-Basis-Devel-12-12.12.1 * patterns-sles-WBEM-12-12.12.1 * patterns-sles-mail_server-12-12.12.1 * patterns-sles-base-12-12.12.1 * patterns-sles-gateway_server-12-12.12.1 * patterns-sles-lamp_server-12-12.12.1 * patterns-sles-dhcp_dns_server-12-12.12.1 * patterns-sles-sap_server-12-12.12.1 * patterns-sles-x11-12-12.12.1 * patterns-sles-Minimal-12-12.12.1 * patterns-sles-directory_server-12-12.12.1 * patterns-sles-file_server-12-12.12.1 * patterns-sles-yast2-12-12.12.1 * patterns-sles-ofed-12-12.12.1 * patterns-sles-apparmor-12-12.12.1 * patterns-sles-documentation-12-12.12.1 * patterns-sles-fips-12-12.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * patterns-sles-fips-32bit-12-12.12.1 * patterns-sles-yast2-32bit-12-12.12.1 * patterns-sles-xen_server-12-12.12.1 * patterns-sles-directory_server-32bit-12-12.12.1 * patterns-sles-oracle_server-32bit-12-12.12.1 * patterns-sles-apparmor-32bit-12-12.12.1 * patterns-sles-xen_tools-12-12.12.1 * patterns-sles-sap_server-32bit-12-12.12.1 * patterns-sles-mail_server-32bit-12-12.12.1 * patterns-sles-x11-32bit-12-12.12.1 * patterns-sles-kvm_server-12-12.12.1 * patterns-sles-laptop-32bit-12-12.12.1 * patterns-sles-32bit-12-12.12.1 * patterns-sles-file_server-32bit-12-12.12.1 * patterns-sles-WBEM-32bit-12-12.12.1 * patterns-sles-Basis-Devel-32bit-12-12.12.1 * patterns-sles-printing-32bit-12-12.12.1 * patterns-sles-oracle_server-12-12.12.1 * patterns-sles-ofed-32bit-12-12.12.1 * patterns-sles-Minimal-32bit-12-12.12.1 * patterns-sles-dhcp_dns_server-32bit-12-12.12.1 * patterns-sles-xen_tools-32bit-12-12.12.1 * patterns-sles-kvm_tools-32bit-12-12.12.1 * patterns-sles-gateway_server-32bit-12-12.12.1 * patterns-sles-kvm_server-32bit-12-12.12.1 * patterns-sles-documentation-32bit-12-12.12.1 * patterns-sles-kvm_tools-12-12.12.1 * patterns-sles-base-32bit-12-12.12.1 * patterns-sles-lamp_server-32bit-12-12.12.1 * patterns-sles-xen_server-32bit-12-12.12.1 * patterns-sles-laptop-12-12.12.1 ## References: * 
https://bugzilla.suse.com/show_bug.cgi?id=1215533 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 26 08:40:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:08 -0000 Subject: SUSE-SU-2023:4201-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Message-ID: <169830960802.4322.6671778366334295732@smelt2.prg2.suse.org> # Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4201-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_11 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). 
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4201=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4202=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4203=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-10-150400.2.3 * kernel-livepatch-5_14_21-150400_15_11-rt-9-150400.2.3 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-9-150400.2.3 * kernel-livepatch-5_14_21-150400_15_5-rt-11-150400.2.3 * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-11-150400.2.3 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-10-150400.2.3 * kernel-livepatch-5_14_21-150400_15_8-rt-10-150400.2.3 * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-11-150400.2.3 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-9-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An 
HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 26 08:40:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:10 -0000 Subject: SUSE-SU-2023:4200-1: important: Security update for nghttp2 Message-ID: <169830961035.4322.4540049410887183875@smelt2.prg2.suse.org> # Security update for nghttp2 Announcement ID: SUSE-SU-2023:4200-1 Rating: important References: * bsc#1216123 * bsc#1216174 Cross-References: * CVE-2023-44487 CVSS scores: * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux 
Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4200=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4200=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4200=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4200=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4200=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4200=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4200=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4200=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4200=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4200=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4200=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4200=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4200=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4200=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4200=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4200=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4200=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4200=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4200=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4200=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4200=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4200=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4200=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4200=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4200=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.12.1 * libnghttp2-14-debuginfo-1.40.0-150200.12.1 * nghttp2-debugsource-1.40.0-150200.12.1 * nghttp2-debuginfo-1.40.0-150200.12.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.12.1 * libnghttp2-14-debuginfo-1.40.0-150200.12.1 * nghttp2-debugsource-1.40.0-150200.12.1 * nghttp2-debuginfo-1.40.0-150200.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nghttp2-debugsource-1.40.0-150200.12.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1 * libnghttp2_asio-devel-1.40.0-150200.12.1 * libnghttp2-14-debuginfo-1.40.0-150200.12.1 * 
nghttp2-python-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * python3-nghttp2-1.40.0-150200.12.1
  * python3-nghttp2-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* openSUSE Leap 15.4 (x86_64)
  * libnghttp2_asio1-32bit-1.40.0-150200.12.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-python-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * python3-nghttp2-1.40.0-150200.12.1
  * python3-nghttp2-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* openSUSE Leap 15.5 (x86_64)
  * libnghttp2_asio1-32bit-1.40.0-150200.12.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* Basesystem Module 15-SP4 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* Basesystem Module 15-SP5 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Manager Proxy 4.2 (x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Manager Server 4.2 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nghttp2-debugsource-1.40.0-150200.12.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio-devel-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * libnghttp2_asio1-1.40.0-150200.12.1
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-devel-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.12.1
  * libnghttp2-14-32bit-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.12.1
  * libnghttp2-14-debuginfo-1.40.0-150200.12.1
  * nghttp2-debugsource-1.40.0-150200.12.1
  * nghttp2-debuginfo-1.40.0-150200.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1216174

From sle-updates at lists.suse.com Thu Oct 26 08:40:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:13 -0000
Subject: SUSE-SU-2023:4199-1: important: Security update for nghttp2
Message-ID: <169830961351.4322.14162387458080715577@smelt2.prg2.suse.org>

# Security update for nghttp2

Announcement ID: SUSE-SU-2023:4199-1
Rating: important
References:

* bsc#1216123
* bsc#1216174

Cross-References:

* CVE-2023-44487

CVSS scores:

* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for nghttp2 fixes the following issues:

* CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4199=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-devel-1.39.2-3.13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1

## References:

* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1216174

From sle-updates at lists.suse.com Thu Oct 26 08:40:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:16 -0000
Subject: SUSE-SU-2023:4198-1: important: Security update for java-11-openjdk
Message-ID: <169830961622.4322.5313470471024186408@smelt2.prg2.suse.org>

# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2023:4198-1
Rating: important
References:

* bsc#1214790
* bsc#1216374

Cross-References:

* CVE-2023-22081

CVSS scores:

* CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

* Upgraded to JDK 11.0.21+9 (October 2023 CPU):
  * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374).

Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/11all-relnotes.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4198=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4198=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4198=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4198=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4198=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4198=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4198=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4198=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4198=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4198=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4198=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4198=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4198=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4198=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4198=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4198=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4198=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4198=1

## Package List:

* SUSE Package Hub 15 15-SP4 (noarch)
  * java-11-openjdk-javadoc-11.0.21.0-150000.3.107.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * java-11-openjdk-javadoc-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Manager Proxy 4.2 (x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* SUSE CaaS Platform 4.0 (x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-src-11.0.21.0-150000.3.107.1
  * java-11-openjdk-jmods-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* openSUSE Leap 15.4 (noarch)
  * java-11-openjdk-javadoc-11.0.21.0-150000.3.107.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debuginfo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-src-11.0.21.0-150000.3.107.1
  * java-11-openjdk-jmods-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* openSUSE Leap 15.5 (noarch)
  * java-11-openjdk-javadoc-11.0.21.0-150000.3.107.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-debugsource-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-11.0.21.0-150000.3.107.1
  * java-11-openjdk-headless-11.0.21.0-150000.3.107.1
  * java-11-openjdk-demo-11.0.21.0-150000.3.107.1
  * java-11-openjdk-devel-11.0.21.0-150000.3.107.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22081.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214790
* https://bugzilla.suse.com/show_bug.cgi?id=1216374

From sle-updates at lists.suse.com Thu Oct 26 08:40:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:19 -0000
Subject: SUSE-RU-2023:4197-1: moderate: Recommended update for tracker
Message-ID: <169830961948.4322.13422463169168288704@smelt2.prg2.suse.org>

# Recommended update for tracker

Announcement ID: SUSE-RU-2023:4197-1
Rating: moderate
References:

* jsc#PED-6193

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for tracker fixes the following issues:

* use pkgconfig(icu-i18n) to use the current libicu (jsc#PED-6193)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4197=1 openSUSE-SLE-15.4-2023-4197=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4197=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4197=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4197=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4197=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4197=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4197=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4197=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-debuginfo-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-data-files-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-3.2.1-150400.3.3.1
  * tracker-devel-3.2.1-150400.3.3.1
  * tracker-3.2.1-150400.3.3.1
  * typelib-1_0-Tracker-3_0-3.2.1-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
  * tracker-lang-3.2.1-150400.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-debuginfo-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-data-files-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-3.2.1-150400.3.3.1
  * tracker-devel-3.2.1-150400.3.3.1
  * tracker-3.2.1-150400.3.3.1
  * typelib-1_0-Tracker-3_0-3.2.1-150400.3.3.1
* openSUSE Leap 15.5 (noarch)
  * tracker-lang-3.2.1-150400.3.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-debuginfo-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-3.2.1-150400.3.3.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-debuginfo-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * libtracker-sparql-3_0-0-3.2.1-150400.3.3.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-data-files-3.2.1-150400.3.3.1
  * tracker-devel-3.2.1-150400.3.3.1
  * typelib-1_0-Tracker-3_0-3.2.1-150400.3.3.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-data-files-3.2.1-150400.3.3.1
  * tracker-devel-3.2.1-150400.3.3.1
  * typelib-1_0-Tracker-3_0-3.2.1-150400.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-3.2.1-150400.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch)
  * tracker-lang-3.2.1-150400.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * tracker-debugsource-3.2.1-150400.3.3.1
  * tracker-debuginfo-3.2.1-150400.3.3.1
  * tracker-3.2.1-150400.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch)
  * tracker-lang-3.2.1-150400.3.3.1

## References:

* https://jira.suse.com/browse/PED-6193

From sle-updates at lists.suse.com Thu Oct 26 08:40:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:21 -0000
Subject: SUSE-RU-2023:4196-1: moderate: Recommended update for mariadb-connector-c
Message-ID: <169830962118.4322.17273819342503126633@smelt2.prg2.suse.org>

# Recommended update for mariadb-connector-c

Announcement ID: SUSE-RU-2023:4196-1
Rating: moderate
References:

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that can now be installed.

## Description:

This update for mariadb-connector-c fixes the following issues:

* Update to release 3.1.21:
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-21-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-20-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-19-release-notes/
  * https://mariadb.com/kb/en/mariadb-connectorc-3-1-18-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3117-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3116-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3115-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3114-release-notes/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4196=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4196=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4196=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libmariadb_plugins-3.1.21-2.30.5
  * libmariadb3-3.1.21-2.30.5
  * libmariadb_plugins-debuginfo-3.1.21-2.30.5
  * mariadb-connector-c-debugsource-3.1.21-2.30.5
  * libmariadb3-debuginfo-3.1.21-2.30.5
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libmariadb_plugins-3.1.21-2.30.5
  * libmariadb3-3.1.21-2.30.5
  * libmariadb_plugins-debuginfo-3.1.21-2.30.5
  * mariadb-connector-c-debugsource-3.1.21-2.30.5
  * libmariadb3-debuginfo-3.1.21-2.30.5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libmariadb_plugins-3.1.21-2.30.5
  * libmariadb3-3.1.21-2.30.5
  * libmariadb_plugins-debuginfo-3.1.21-2.30.5
  * mariadb-connector-c-debugsource-3.1.21-2.30.5
  * libmariadb3-debuginfo-3.1.21-2.30.5

From sle-updates at lists.suse.com Thu Oct 26 08:40:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:22 -0000
Subject: SUSE-RU-2023:4195-1: moderate: Recommended update for mariadb-connector-c
Message-ID: <169830962247.4322.11687885115853745035@smelt2.prg2.suse.org>

# Recommended update for mariadb-connector-c

Announcement ID: SUSE-RU-2023:4195-1
Rating: moderate
References:

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for mariadb-connector-c fixes the following issues:

* Update to release 3.1.21:
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-21-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-20-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3-1-19-release-notes/
  * https://mariadb.com/kb/en/mariadb-connectorc-3-1-18-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3117-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3116-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3115-release-notes/
  * https://mariadb.com/kb/en/mariadb-connector-c-3114-release-notes/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4195=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4195=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4195=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4195=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4195=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4195=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4195=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4195=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4195=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4195=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4195=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4195=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4195=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4195=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4195=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4195=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4195=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch 
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4195=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4195=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4195=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * openSUSE Leap 15.4 (x86_64) * libmariadb3-32bit-3.1.21-150000.3.33.3 * libmariadb3-32bit-debuginfo-3.1.21-150000.3.33.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * openSUSE Leap 15.5 (x86_64) * libmariadb3-32bit-3.1.21-150000.3.33.3 * libmariadb3-32bit-debuginfo-3.1.21-150000.3.33.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * 
libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * 
libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * 
libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Manager Proxy 4.2 (x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * 
libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 * SUSE CaaS Platform 4.0 (x86_64) * libmariadb3-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-debuginfo-3.1.21-150000.3.33.3 * libmariadbprivate-3.1.21-150000.3.33.3 * libmariadb_plugins-debuginfo-3.1.21-150000.3.33.3 * mariadb-connector-c-debugsource-3.1.21-150000.3.33.3 * libmariadb3-3.1.21-150000.3.33.3 * 
libmariadb-devel-debuginfo-3.1.21-150000.3.33.3 * libmariadb_plugins-3.1.21-150000.3.33.3 * libmariadb-devel-3.1.21-150000.3.33.3 From sle-updates at lists.suse.com Thu Oct 26 08:40:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 08:40:26 -0000 Subject: SUSE-FU-2023:4194-1: low: Feature update for python3 Message-ID: <169830962604.4322.5810390747516946230@smelt2.prg2.suse.org> # Feature update for python3 Announcement ID: SUSE-FU-2023:4194-1 Rating: low References: * jsc#PED-68 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This feature update for python3 packages adds the following: * First batch of python3.11 modules (jsc#PED-68) * Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions; these 3 packages have no code changes. 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4194=1 SUSE-2023-4194=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4194=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4194=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4194=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4194=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4194=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4194=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4194=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4194=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4194=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4194=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4194=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4194=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4194=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4194=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-rfc3986-validator-0.1.1-150400.9.3.9 * python311-ini2toml-0.12-150400.9.3.9 * python311-Twisted-http2-22.10.0-150400.5.10.9 * python311-sortedcontainers-2.4.0-150400.8.3.9 * python311-dpcontracts-0.6.0-150400.9.3.9 * python311-uc-micro-py-1.0.1-150400.9.3.9 * python311-importlib-metadata-6.8.0-150400.10.5.9 * python311-mdurl-0.1.2-150400.9.3.6 * python311-process-tests-2.1.2-150400.11.3.9 * 
python311-defusedxml-0.7.1-150400.7.3.8 * python311-pyproject-hooks-1.0.0-150400.9.3.9 * python311-more-itertools-9.1.0-150400.3.3.9 * python311-autodocsumm-0.2.11-150400.9.3.8 * python311-fqdn-1.5.1-150400.9.5.9 * python311-pip-22.3.1-150400.17.9.9 * python311-jaraco.classes-3.2.3-150400.9.3.9 * python311-pytest-asyncio-0.21.1-150400.10.3.9 * python311-genty-1.3.2-150400.9.3.9 * python311-jaraco.packaging-9.2.0-150400.9.3.7 * python311-sphinx-version-warning-1.1.2-150400.9.3.9 * python311-trustme-1.0.0-150400.5.3.8 * python311-sh-2.0.4-150400.9.3.9 * python311-pytest-xprocess-0.22.2-150400.9.3.9 * python311-responses-0.23.1-150400.6.3.6 * python311-py-1.11.0-150400.12.3.9 * python311-uri-template-1.2.0-150400.9.3.9 * python311-priority-2.0.0-150400.9.3.9 * python311-six-1.16.0-150400.18.3.9 * python311-flit-core-3.8.0-150400.9.3.9 * python311-chai-1.1.2-150400.5.3.9 * python311-pybind11-devel-2.10.4-150400.9.3.9 * python311-ephemeral-port-reserve-1.1.4-150400.9.3.9 * python311-rfc3987-1.3.8-150400.10.3.9 * python311-flaky-3.7.0-150400.14.3.9 * python311-yapf-0.33.0-150400.3.3.9 * python311-validate_email-1.3-150400.9.3.9 * python311-calver-2022.6.26-150400.9.3.9 * python311-imagesize-1.4.1-150400.12.3.9 * python311-Twisted-tls-22.10.0-150400.5.10.9 * python311-anyio-3.6.2-150400.9.3.6 * python311-beautifulsoup4-4.12.2-150400.7.3.9 * python311-html5lib-1.1-150400.11.3.8 * python311-elasticsearch-7.6.0-150400.11.3.6 * python311-Js2Py-0.74-150400.9.3.9 * python311-dateparser-1.1.8-150400.5.5.8 * python311-watchdog-3.0.0-150400.9.3.9 * python311-graphviz-0.20.1-150400.4.3.9 * python311-dnspython-2.3.0-150400.12.3.9 * python311-async_timeout-4.0.2-150400.10.3.9 * python311-hypothesmith-0.2.3-150400.9.3.9 * python311-parameterized-0.9.0-150400.10.5.9 * python311-service_identity-23.1.0-150400.8.3.8 * python311-Twisted-contextvars-22.10.0-150400.5.10.9 * python311-CairoSVG-2.7.1-150400.9.3.8 * python311-constantly-15.1.0-150400.12.3.9 * 
python311-pyjsparser-2.7.1-150400.9.3.9 * python311-curio-1.6-150400.9.3.9 * python311-poetry-core-1.6.1-150400.9.3.9 * python311-jsonpointer-2.3-150400.11.3.9 * python311-fastjsonschema-2.16.3-150400.9.3.9 * python311-proxy.py-2.4.3-150400.9.3.9 * python311-pytest-datadir-1.4.1-150400.9.3.9 * python311-typing-inspect-0.8.0-150400.9.3.9 * python311-black-23.9.1-150400.9.5.6 * python311-appdirs-1.4.4-150400.11.3.9 * python311-setuptools-wheel-67.7.2-150400.3.9.9 * python311-Twisted-22.10.0-150400.5.10.9 * python311-cssselect2-0.7.0-150400.9.3.9 * python311-hatchling-1.17.0-150400.9.3.9 * python311-Twisted-conch-22.10.0-150400.5.10.9 * python311-itsdangerous-2.1.2-150400.7.3.9 * python311-cairocffi-pixbuf-1.5.1-150400.7.3.8 * python311-flit-scm-1.7.0-150400.9.3.9 * python311-jsonschema-format-4.17.3-150400.14.3.9 * python311-requests-2.31.0-150400.6.5.7 * python311-sphinxcontrib-websupport-1.2.4-150400.13.3.9 * python311-blinker-1.6.2-150400.12.3.8 * python311-aiodns-3.0.0-150400.9.3.9 * python311-markdown-it-py-2.2.0-150400.9.3.6 * python311-pytest-xdist-3.3.1-150400.3.3.9 * python311-re-assert-1.1.0-150400.9.3.9 * python311-Pygments-2.15.1-150400.7.3.9 * python311-sphinxcontrib-jquery-4.1-150400.9.3.9 * python311-tzlocal-4.3-150400.5.3.9 * python311-jaraco.context-4.3.0-150400.9.3.9 * python311-fields-5.0.0-150400.10.3.9 * python311-pytest-timeout-2.1.0-150400.7.3.9 * python311-h11-0.14.0-150400.9.3.9 * python311-pygal-3.0.0-150400.9.3.6 * python311-pygaljs-1.0.2-150400.9.3.9 * python311-py-cpuinfo-9.0.0-150400.9.3.9 * python311-python-dateutil-2.8.2-150400.5.3.9 * python311-pexpect-4.8.0-150400.15.5.9 * python311-sphinx-issues-3.0.1-150400.9.3.8 * python311-greenlet-devel-2.0.2-150400.12.3.13 * python311-hypothesis-6.75.3-150400.3.3.9 * python311-validators-0.20.0-150400.9.3.9 * python311-lark-1.1.5-150400.9.3.9 * python311-pytest-benchmark-4.0.0-150400.9.3.6 * python311-setuptools-67.7.2-150400.3.9.9 * python311-PySocks-1.7.1-150400.11.3.9 * 
python311-hyperframe-6.0.1-150400.8.3.9 * python311-pluggy-1.0.0-150400.14.3.9 * python311-inflect-6.0.4-150400.9.3.6 * python311-pretend-1.0.9-150400.11.3.9 * python311-Sphinx-7.0.1-150400.3.3.9 * python311-readthedocs-sphinx-ext-2.2.0-150400.10.3.8 * python311-pyasn1-0.5.0-150400.12.3.9 * python311-aspectlib-2.0.0-150400.9.3.9 * python311-idna-3.4-150400.11.3.9 * python311-smmap-5.0.0-150400.9.3.9 * python311-ini2toml-lite-0.12-150400.9.3.9 * python311-cookies-2.2.1-150400.5.3.9 * python311-backports.entry_points_selectable-1.2.0-150400.9.3.9 * python311-iniconfig-2.0.0-150400.10.3.9 * python311-pygments-pytest-2.3.0-150400.10.3.9 * python311-sphinxcontrib-applehelp-1.0.4-150400.3.3.9 * python311-trove-classifiers-2023.5.2-150400.9.3.9 * python311-urllib3-2.0.6-150400.7.7.1 * python311-flasgger-0.9.7.1-150400.9.3.9 * python311-virtualenv-20.22.0-150400.9.3.9 * python311-jaraco.envs-2.4.0-150400.9.3.9 * python311-railroad-diagrams-3.0.1-150400.9.3.9 * python311-ddt-1.6.0-150400.11.3.7 * python311-decorator-5.1.1-150400.12.3.9 * python311-eventlet-0.33.3-150400.5.3.6 * python311-mock-3.0.5-150400.17.3.9 * python311-pathspec-0.11.1-150400.9.3.9 * python311-autocommand-2.2.2-150400.9.3.9 * python311-elementpath-4.1.5-150400.10.3.8 * python311-requests-toolbelt-1.0.0-150400.7.3.8 * python311-exceptiongroup-1.1.2-150400.9.3.9 * python311-pytest-httpserver-1.0.8-150400.9.3.8 * python311-platformdirs-3.5.1-150400.9.5.9 * python311-WebOb-1.8.7-150400.11.3.9 * python311-alabaster-0.7.13-150400.12.3.9 * python311-soupsieve-2.4.1-150400.7.3.9 * python311-u-msgpack-python-2.7.2-150400.12.3.9 * python311-PyMeeus-0.5.12-150400.5.3.9 * python311-hpack-4.0.0-150400.8.3.9 * python311-roman-3.3-150400.9.3.9 * python311-pycparser-2.21-150400.12.3.9 * python311-certifi-2023.7.22-150400.12.3.19 * python311-pathtools-0.1.2-150400.9.3.9 * python311-pyasn1-modules-0.3.0-150400.12.3.9 * python311-elastic-transport-8.4.0-150400.9.3.6 * python311-aiohttp_cors-0.7.0-150400.9.3.6 * 
python311-Whoosh-2.7.4-150400.10.3.9 * python311-asgiref-3.6.0-150400.9.3.9 * python311-async_generator-1.10-150400.10.3.9 * python311-sniffio-1.3.0-150400.9.3.9 * python311-objgraph-3.5.0-150400.9.3.9 * python311-pytest-regressions-2.4.2-150400.9.3.7 * python311-build-0.10.0-150400.9.3.9 * python311-tinycss2-1.2.1-150400.9.3.9 * python311-flex-6.14.1-150400.9.3.6 * python311-pyOpenSSL-23.2.0-150400.3.6.9 * python311-pytest-trio-0.8.0-150400.9.3.8 * python311-path-16.6.0-150400.9.3.9 * python311-attrs-23.1.0-150400.8.3.9 * python311-tomli-w-1.0.0-150400.9.3.9 * python311-wheel-0.40.0-150400.13.3.9 * python311-pip-run-8.8.2-150400.9.3.9 * python311-distlib-0.3.7-150400.9.3.9 * python311-Twisted-all_non_platform-22.10.0-150400.5.10.9 * python311-cairocffi-1.5.1-150400.7.3.8 * python311-strict-rfc3339-0.7-150400.10.3.9 * python311-rich-13.3.5-150400.9.3.6 * python311-typing_extensions-4.5.0-150400.3.5.9 * python311-click-8.1.3-150400.7.3.9 * python311-betamax-0.8.1-150400.11.3.9 * python311-iso8601-1.1.0-150400.11.3.9 * python311-incremental-22.10.0-150400.3.3.9 * python311-parso-0.8.3-150400.11.3.9 * python311-ruamel.yaml-0.17.31-150400.5.5.9 * python311-olefile-0.46-150400.11.3.9 * python311-pyfakefs-5.2.2-150400.12.3.9 * python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.3.9 * python311-Pympler-1.0.1-150400.7.3.9 * python311-scripttest-1.3-150400.10.3.9 * python311-cryptography-vectors-41.0.3-150400.7.6.7 * python311-Pallets-Sphinx-Themes-2.1.0-150400.9.3.8 * python311-langdetect-1.0.9-150400.9.3.9 * python311-sphinxcontrib-devhelp-1.0.2-150400.3.3.9 * python311-charset-normalizer-3.1.0-150400.9.3.9 * python311-sphinxcontrib-jsmath-1.0.1-150400.3.3.9 * python311-pytest-freezegun-0.4.2-150400.9.3.9 * python311-text-unidecode-1.3-150400.3.3.9 * python311-toml-0.10.2-150400.5.3.9 * python311-tomli-2.0.1-150400.9.3.9 * python311-zope.event-4.6-150400.11.5.9 * python311-pyquery-2.0.0-150400.11.3.8 * python311-Faker-18.11.1-150400.9.3.9 * python311-Flask-2.3.2-150400.3.6.6 
* python311-pyserial-3.5-150400.12.3.9 * python311-GitPython-3.1.34.1693646983.2a2ae77-150400.9.3.7 * python311-astor-0.8.1-150400.9.3.9 * python311-pycountry-22.3.5-150400.9.3.9 * python311-aiosignal-1.3.1-150400.9.3.9 * python311-mistune-2.0.5-150400.11.5.9 * python311-pytest-7.3.1-150400.3.3.9 * python311-jaraco.itertools-6.2.1-150400.9.3.6 * python311-Deprecated-1.2.14-150400.10.3.9 * python311-filelock-3.12.2-150400.10.3.9 * python311-PyHamcrest-2.0.3-150400.8.3.9 * python311-csv23-0.3.4-150400.9.3.9 * python311-pybind11-2.10.4-150400.9.3.9 * python311-pygments-ansi-color-0.2.0-150400.10.3.9 * python311-python-dotenv-1.0.0-150400.9.3.9 * python311-wsproto-1.2.0-150400.9.3.9 * python311-convertdate-2.4.0-150400.5.3.9 * python311-setuptools-rust-1.6.0-150400.9.3.9 * python311-jaraco.functools-3.6.0-150400.9.3.6 * python311-zipp-3.15.0-150400.10.3.9 * python311-Flask-doc-2.3.2-150400.3.6.6 * python311-rfc3339-validator-0.1.4-150400.9.3.9 * python311-UkPostcodeParser-1.1.2-150400.9.3.9 * python311-outcome-1.2.0-150400.9.3.9 * python311-Sphinx-latex-7.0.1-150400.3.3.9 * python311-contextvars-2.4-150400.10.3.9 * python311-pytest-subtests-0.11.0-150400.9.3.9 * python311-webcolors-1.13-150400.10.3.9 * python311-email-validator-2.0.0-150400.9.3.6 * python311-hatch_vcs-0.3.0-150400.9.3.9 * python311-marshmallow-3.19.0-150400.9.3.8 * python311-mypy_extensions-1.0.0-150400.9.3.9 * python311-pytest-rerunfailures-12.0-150400.10.3.9 * python311-editables-0.3-150400.9.3.9 * python311-installer-0.7.0-150400.9.3.9 * python311-ptyprocess-0.7.0-150400.11.3.9 * python311-cssselect-1.2.0-150400.12.3.9 * python311-Twisted-serial-22.10.0-150400.5.10.9 * python311-linkify-it-py-2.0.2-150400.9.3.9 * python311-bottle-0.12.25-150400.12.3.9 * python311-jsonschema-format-nongpl-4.17.3-150400.14.3.9 * python311-jaraco.path-3.5.0-150400.9.3.9 * python311-xcffib-1.3.0-150400.7.3.9 * python311-snowballstemmer-2.2.0-150400.12.3.9 * python311-apipkg-3.0.1-150400.12.3.9 * 
python311-pytest-cov-4.1.0-150400.12.3.9 * python311-pytz-deprecation-shim-0.1.0.post0-150400.9.3.9 * python311-arrow-1.2.3-150400.5.3.9 * python311-httpbin-0.7.0+git20181107.f8ec666-150400.11.3.6 * python311-factory_boy-3.2.1-150400.9.3.9 * python311-setuptools_scm-7.1.0-150400.5.3.9 * python311-pyparsing-3.0.9-150400.5.3.18 * python311-isoduration-20.11.0-150400.9.3.6 * python311-testpath-0.6.0-150400.5.3.9 * python311-wcag-contrast-ratio-0.9-150400.9.3.9 * python311-pydantic-1.10.8-150400.9.3.6 * python311-validate-pyproject-0.13-150400.9.3.7 * python311-chardet-5.1.0-150400.13.3.9 * python311-sphinxcontrib-qthelp-1.0.3-150400.3.3.9 * python311-sphinx_rtd_theme-1.2.0-150400.12.3.9 * python311-pytest-expect-1.1.0-150400.12.3.9 * python311-semantic_version-2.10.0-150400.9.3.9 * python311-flit-3.8.0-150400.9.3.6 * python311-sphinxcontrib-serializinghtml-1.1.5-150400.3.3.9 * python311-pytz-2023.3-150400.6.3.9 * python311-trio-0.22.0-150400.9.5.8 * python311-h2-4.1.0-150400.8.3.9 * python311-packaging-23.1-150400.8.3.9 * python311-webencodings-0.5.1-150400.12.3.9 * python3-cryptography-vectors-3.3.2-150400.11.3 * python311-execnet-1.9.0-150400.12.3.9 * python311-Werkzeug-2.3.6-150400.6.3.9 * python311-docutils-0.19-150400.11.3.9 * python311-pytest-mock-3.11.1-150400.13.3.9 * python311-versioneer-0.26-150400.9.3.9 * python311-isodate-0.6.1-150400.12.3.9 * python311-rst.linker-2.4.0-150400.9.5.9 * python311-Automat-22.10.0-150400.3.3.9 * python311-pytest-env-0.8.2-150400.9.3.9 * python311-Babel-2.12.1-150400.8.3.9 * python311-freezegun-1.2.2-150400.7.3.9 * python311-hatch-fancy-pypi-readme-23.1.0-150400.9.3.10 * python311-zope.testing-5.0.1-150400.7.3.9 * python311-Twisted-conch_nacl-22.10.0-150400.5.10.9 * python3-kubernetes-26.1.0-150400.16.2 * python311-random2-1.0.1-150400.9.3.9 * python311-httpcore-0.17.0-150400.9.3.9 * python311-asn1crypto-1.5.1-150400.12.3.9 * python311-httpx-0.24.0-150400.9.5.6 * python311-gunicorn-20.1.0-150400.12.3.9 * 
python311-pytest-httpbin-1.0.2-150400.12.3.6 * python311-jsonschema-4.17.3-150400.14.3.9 * python311-hyperlink-21.0.0-150400.12.3.9 * python311-xmlschema-2.3.0-150400.10.3.8 * python311-nose2-0.12.0-150400.10.3.9 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-Brotli-debuginfo-1.1.0-150400.7.5.10 * python-aiohttp-debugsource-3.8.5-150400.10.5.9 * python311-coverage-7.2.5-150400.12.3.12 * python-websockets-debugsource-11.0.3-150400.10.3.11 * python311-simplejson-3.19.1-150400.6.3.10 * python311-wrapt-1.15.0-150400.12.3.11 * python311-regex-debuginfo-2023.5.5-150400.5.3.11 * python311-MarkupSafe-debuginfo-2.1.3-150400.11.3.12 * python311-gitdb-4.0.10-150400.9.3.9 * python-cryptography-debugsource-41.0.3-150400.16.9.12 * python-Pillow-debugsource-9.5.0-150400.5.3.11 * python311-aiohttp-debuginfo-3.8.5-150400.10.5.9 * python311-SQLAlchemy-2.0.19-150400.6.5.12 * python311-immutables-0.19-150400.10.3.11 * python311-zope.interface-debuginfo-6.0-150400.12.3.10 * python311-Cython0-0.29.36-150400.9.3.12 * python-PyNaCl-debugsource-1.5.0-150400.12.3.18 * python311-cryptography-41.0.3-150400.16.9.12 * python311-frozenlist-1.3.3-150400.9.3.10 * python-psutil-debugsource-5.9.5-150400.6.5.10 * python-pyrsistent-debugsource-0.19.3-150400.10.3.11 * python-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-libcst-debuginfo-0.4.9-150400.9.3.13 * python-MarkupSafe-debugsource-2.1.3-150400.11.3.12 * python-ruamel.yaml.clib-debugsource-0.2.7-150400.5.3.11 * python-numpy-debugsource-1.24.2-150400.23.12.8 * python311-numpy-devel-1.24.2-150400.23.12.8 * python-tornado6-debugsource-6.3.2-150400.9.3.12 * python-wrapt-debugsource-1.15.0-150400.12.3.11 * python-pycares-debugsource-4.3.0-150400.9.3.11 * python-Brotli-debugsource-1.1.0-150400.7.5.10 * python311-httptools-0.5.0-150400.9.5.8 * python311-websockets-debuginfo-11.0.3-150400.10.3.11 * python311-lxml-debuginfo-4.9.3-150400.8.5.8 * python-multidict-debugsource-6.0.4-150400.7.3.10 * 
python311-multidict-debuginfo-6.0.4-150400.7.3.10 * python311-ruamel.yaml.clib-debuginfo-0.2.7-150400.5.3.11 * python311-websockets-11.0.3-150400.10.3.11 * python311-Pillow-9.5.0-150400.5.3.11 * python311-tornado6-debuginfo-6.3.2-150400.9.3.12 * python311-fasttext-debuginfo-0.9.2-150400.9.3.12 * python311-yarl-1.9.2-150400.8.3.12 * python-Cython-debugsource-3.0.2-150400.108.5.12 * python-simplejson-debugsource-3.19.1-150400.6.3.10 * python-frozenlist-debugsource-1.3.3-150400.9.3.10 * python311-tornado6-6.3.2-150400.9.3.12 * python-Cython0-debugsource-0.29.36-150400.9.3.12 * python311-MarkupSafe-2.1.3-150400.11.3.12 * python311-Pillow-debuginfo-9.5.0-150400.5.3.11 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python311-multidict-6.0.4-150400.7.3.10 * python311-wrapt-debuginfo-1.15.0-150400.12.3.11 * python-coverage-debugsource-7.2.5-150400.12.3.12 * python311-Genshi-0.7.7-150400.11.3.10 * python311-PyNaCl-1.5.0-150400.12.3.18 * python311-PyYAML-6.0.1-150400.5.5.7 * python311-gevent-debuginfo-23.9.0-150400.13.6.1 * python311-gevent-23.9.0-150400.13.6.1 * python-httptools-debugsource-0.5.0-150400.9.5.8 * python311-pyrsistent-0.19.3-150400.10.3.11 * python-SQLAlchemy-debugsource-2.0.19-150400.6.5.12 * python311-greenlet-2.0.2-150400.12.3.13 * python311-pycurl-debuginfo-7.45.2-150400.13.3.12 * python311-pycares-debuginfo-4.3.0-150400.9.3.11 * python311-frozenlist-debuginfo-1.3.3-150400.9.3.10 * python311-Jinja2-3.1.2-150400.12.3.9 * python311-aiohttp-3.8.5-150400.10.5.9 * python311-cffi-1.15.1-150400.8.3.12 * python311-coverage-debuginfo-7.2.5-150400.12.3.12 * python311-Cython0-debuginfo-0.29.36-150400.9.3.12 * python311-immutables-debuginfo-0.19-150400.10.3.11 * python311-bcrypt-debuginfo-4.0.1-150400.5.3.14 * python-zope.interface-debugsource-6.0-150400.12.3.10 * python311-Genshi-debuginfo-0.7.7-150400.11.3.10 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.3.11 * python311-PyYAML-debuginfo-6.0.1-150400.5.5.7 * python-greenlet-debugsource-2.0.2-150400.12.3.13 * 
python311-pyrsistent-debuginfo-0.19.3-150400.10.3.11 * python-cffi-debugsource-1.15.1-150400.8.3.12 * python311-numpy-debuginfo-1.24.2-150400.23.12.8 * python311-Brotli-1.1.0-150400.7.5.10 * python-yarl-debugsource-1.9.2-150400.8.3.12 * python-lxml-debugsource-4.9.3-150400.8.5.8 * python311-libcst-0.4.9-150400.9.3.13 * python311-cffi-debuginfo-1.15.1-150400.8.3.12 * python311-lxml-devel-4.9.3-150400.8.5.8 * python311-PyNaCl-debuginfo-1.5.0-150400.12.3.18 * python311-ruamel.yaml.clib-0.2.7-150400.5.3.11 * python311-psutil-debuginfo-5.9.5-150400.6.5.10 * python-pycurl-debugsource-7.45.2-150400.13.3.12 * python-fasttext-debugsource-0.9.2-150400.9.3.12 * python311-yarl-debuginfo-1.9.2-150400.8.3.12 * python-gevent-debugsource-23.9.0-150400.13.6.1 * python-regex-debugsource-2023.5.5-150400.5.3.11 * python3-cryptography-3.3.2-150400.20.3 * python311-fasttext-0.9.2-150400.9.3.12 * python311-cryptography-debuginfo-41.0.3-150400.16.9.12 * python-pycurl-test-debugsource-7.45.2-150400.13.3.9 * python311-pycurl-7.45.2-150400.13.3.12 * python311-greenlet-debuginfo-2.0.2-150400.12.3.13 * python3-cryptography-debugsource-3.3.2-150400.20.3 * python311-lxml-4.9.3-150400.8.5.8 * python-immutables-debugsource-0.19-150400.10.3.11 * python311-simplejson-debuginfo-3.19.1-150400.6.3.10 * python311-pycares-4.3.0-150400.9.3.11 * python-PyYAML-debugsource-6.0.1-150400.5.5.7 * python311-zope.interface-6.0-150400.12.3.10 * python311-bcrypt-4.0.1-150400.5.3.14 * python-Genshi-debugsource-0.7.7-150400.11.3.10 * python311-Pillow-tk-9.5.0-150400.5.3.11 * python311-psutil-5.9.5-150400.6.5.10 * python311-httptools-debuginfo-0.5.0-150400.9.5.8 * python311-regex-2023.5.5-150400.5.3.11 * python311-SQLAlchemy-debuginfo-2.0.19-150400.6.5.12 * python311-Cython-debuginfo-3.0.2-150400.108.5.12 * python311-numpy-1.24.2-150400.23.12.8 * python311-Cython-3.0.2-150400.108.5.12 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586) * python311-numpy_1_24_2-gnu-hpc-devel-1.24.2-150400.23.12.7 * 
python-numpy_1_24_2-gnu-hpc-debugsource-1.24.2-150400.23.12.7 * python311-numpy-gnu-hpc-1.24.2-150400.23.12.7 * python311-numpy-gnu-hpc-devel-1.24.2-150400.23.12.7 * python311-numpy_1_24_2-gnu-hpc-debuginfo-1.24.2-150400.23.12.7 * python311-numpy_1_24_2-gnu-hpc-1.24.2-150400.23.12.7 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python311-Brotli-debuginfo-1.1.0-150400.7.5.10 * python-aiohttp-debugsource-3.8.5-150400.10.5.9 * python311-coverage-7.2.5-150400.12.3.12 * python-websockets-debugsource-11.0.3-150400.10.3.11 * python311-simplejson-3.19.1-150400.6.3.10 * python311-wrapt-1.15.0-150400.12.3.11 * python311-regex-debuginfo-2023.5.5-150400.5.3.11 * python311-MarkupSafe-debuginfo-2.1.3-150400.11.3.12 * python311-gitdb-4.0.10-150400.9.3.9 * python-cryptography-debugsource-41.0.3-150400.16.9.12 * python-Pillow-debugsource-9.5.0-150400.5.3.11 * python311-aiohttp-debuginfo-3.8.5-150400.10.5.9 * python311-SQLAlchemy-2.0.19-150400.6.5.12 * python311-immutables-0.19-150400.10.3.11 * python311-zope.interface-debuginfo-6.0-150400.12.3.10 * python-PyNaCl-debugsource-1.5.0-150400.12.3.18 * python-psutil-debugsource-5.9.5-150400.6.5.10 * python311-cryptography-41.0.3-150400.16.9.12 * python311-frozenlist-1.3.3-150400.9.3.10 * python-pyrsistent-debugsource-0.19.3-150400.10.3.11 * python-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-libcst-debuginfo-0.4.9-150400.9.3.13 * python-MarkupSafe-debugsource-2.1.3-150400.11.3.12 * python-ruamel.yaml.clib-debugsource-0.2.7-150400.5.3.11 * python-numpy-debugsource-1.24.2-150400.23.12.8 * 
python-tornado6-debugsource-6.3.2-150400.9.3.12 * python-wrapt-debugsource-1.15.0-150400.12.3.11 * python-pycares-debugsource-4.3.0-150400.9.3.11 * python-Brotli-debugsource-1.1.0-150400.7.5.10 * python311-httptools-0.5.0-150400.9.5.8 * python311-websockets-debuginfo-11.0.3-150400.10.3.11 * python311-lxml-debuginfo-4.9.3-150400.8.5.8 * python-multidict-debugsource-6.0.4-150400.7.3.10 * python311-multidict-debuginfo-6.0.4-150400.7.3.10 * python311-ruamel.yaml.clib-debuginfo-0.2.7-150400.5.3.11 * python311-websockets-11.0.3-150400.10.3.11 * python311-Pillow-9.5.0-150400.5.3.11 * python311-tornado6-debuginfo-6.3.2-150400.9.3.12 * python311-fasttext-debuginfo-0.9.2-150400.9.3.12 * python311-yarl-1.9.2-150400.8.3.12 * python-Cython-debugsource-3.0.2-150400.108.5.12 * python-simplejson-debugsource-3.19.1-150400.6.3.10 * python-frozenlist-debugsource-1.3.3-150400.9.3.10 * python311-tornado6-6.3.2-150400.9.3.12 * python311-MarkupSafe-2.1.3-150400.11.3.12 * python311-Pillow-debuginfo-9.5.0-150400.5.3.11 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python311-multidict-6.0.4-150400.7.3.10 * python311-wrapt-debuginfo-1.15.0-150400.12.3.11 * python-coverage-debugsource-7.2.5-150400.12.3.12 * python311-PyNaCl-1.5.0-150400.12.3.18 * python311-PyYAML-6.0.1-150400.5.5.7 * python311-gevent-debuginfo-23.9.0-150400.13.6.1 * python311-gevent-23.9.0-150400.13.6.1 * python-httptools-debugsource-0.5.0-150400.9.5.8 * python311-pyrsistent-0.19.3-150400.10.3.11 * python-SQLAlchemy-debugsource-2.0.19-150400.6.5.12 * python311-greenlet-2.0.2-150400.12.3.13 * python311-pycurl-debuginfo-7.45.2-150400.13.3.12 * python311-pycares-debuginfo-4.3.0-150400.9.3.11 * python311-frozenlist-debuginfo-1.3.3-150400.9.3.10 * python311-Jinja2-3.1.2-150400.12.3.9 * python311-aiohttp-3.8.5-150400.10.5.9 * python311-cffi-1.15.1-150400.8.3.12 * python311-coverage-debuginfo-7.2.5-150400.12.3.12 * python311-immutables-debuginfo-0.19-150400.10.3.11 * python-zope.interface-debugsource-6.0-150400.12.3.10 * 
python311-bcrypt-debuginfo-4.0.1-150400.5.3.14 * python311-Genshi-debuginfo-0.7.7-150400.11.3.10 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.3.11 * python311-PyYAML-debuginfo-6.0.1-150400.5.5.7 * python-greenlet-debugsource-2.0.2-150400.12.3.13 * python311-pyrsistent-debuginfo-0.19.3-150400.10.3.11 * python-cffi-debugsource-1.15.1-150400.8.3.12 * python311-numpy-debuginfo-1.24.2-150400.23.12.8 * python311-Brotli-1.1.0-150400.7.5.10 * python-yarl-debugsource-1.9.2-150400.8.3.12 * python-lxml-debugsource-4.9.3-150400.8.5.8 * python311-libcst-0.4.9-150400.9.3.13 * python311-cffi-debuginfo-1.15.1-150400.8.3.12 * python311-PyNaCl-debuginfo-1.5.0-150400.12.3.18 * python311-psutil-debuginfo-5.9.5-150400.6.5.10 * python-pycurl-debugsource-7.45.2-150400.13.3.12 * python-fasttext-debugsource-0.9.2-150400.9.3.12 * python311-yarl-debuginfo-1.9.2-150400.8.3.12 * python-gevent-debugsource-23.9.0-150400.13.6.1 * python-regex-debugsource-2023.5.5-150400.5.3.11 * python3-cryptography-3.3.2-150400.20.3 * python311-cryptography-debuginfo-41.0.3-150400.16.9.12 * python-pycurl-test-debugsource-7.45.2-150400.13.3.9 * python311-pycurl-7.45.2-150400.13.3.12 * python311-greenlet-debuginfo-2.0.2-150400.12.3.13 * python3-cryptography-debugsource-3.3.2-150400.20.3 * python311-lxml-4.9.3-150400.8.5.8 * python-immutables-debugsource-0.19-150400.10.3.11 * python311-simplejson-debuginfo-3.19.1-150400.6.3.10 * python311-pycares-4.3.0-150400.9.3.11 * python-PyYAML-debugsource-6.0.1-150400.5.5.7 * python311-zope.interface-6.0-150400.12.3.10 * python311-bcrypt-4.0.1-150400.5.3.14 * python-Genshi-debugsource-0.7.7-150400.11.3.10 * python311-Pillow-tk-9.5.0-150400.5.3.11 * python311-psutil-5.9.5-150400.6.5.10 * python311-httptools-debuginfo-0.5.0-150400.9.5.8 * python311-regex-2023.5.5-150400.5.3.11 * python311-SQLAlchemy-debuginfo-2.0.19-150400.6.5.12 * python311-Cython-debuginfo-3.0.2-150400.108.5.12 * python311-numpy-1.24.2-150400.23.12.8 * python311-Cython-3.0.2-150400.108.5.12 * openSUSE Leap 
15.5 (aarch64 ppc64le x86_64) * python311-numpy_1_24_2-gnu-hpc-debuginfo-1.24.2-150400.23.12.7 * python311-numpy_1_24_2-gnu-hpc-1.24.2-150400.23.12.7 * python-numpy_1_24_2-gnu-hpc-debugsource-1.24.2-150400.23.12.7 * python311-numpy-gnu-hpc-1.24.2-150400.23.12.7 * openSUSE Leap 15.5 (noarch) * python311-rfc3986-validator-0.1.1-150400.9.3.9 * python311-sortedcontainers-2.4.0-150400.8.3.9 * python311-Twisted-http2-22.10.0-150400.5.10.9 * python311-dpcontracts-0.6.0-150400.9.3.9 * python311-uc-micro-py-1.0.1-150400.9.3.9 * python311-importlib-metadata-6.8.0-150400.10.5.9 * python311-mdurl-0.1.2-150400.9.3.6 * python311-defusedxml-0.7.1-150400.7.3.8 * python311-pyproject-hooks-1.0.0-150400.9.3.9 * python311-more-itertools-9.1.0-150400.3.3.9 * python311-pip-22.3.1-150400.17.9.9 * python311-fqdn-1.5.1-150400.9.5.9 * python311-jaraco.classes-3.2.3-150400.9.3.9 * python311-pytest-asyncio-0.21.1-150400.10.3.9 * python311-jaraco.packaging-9.2.0-150400.9.3.7 * python311-sphinx-version-warning-1.1.2-150400.9.3.9 * python311-trustme-1.0.0-150400.5.3.8 * python311-sh-2.0.4-150400.9.3.9 * python311-pytest-xprocess-0.22.2-150400.9.3.9 * python311-responses-0.23.1-150400.6.3.6 * python311-py-1.11.0-150400.12.3.9 * python311-priority-2.0.0-150400.9.3.9 * python311-six-1.16.0-150400.18.3.9 * python311-flit-core-3.8.0-150400.9.3.9 * python311-rfc3987-1.3.8-150400.10.3.9 * python311-validate_email-1.3-150400.9.3.9 * python311-calver-2022.6.26-150400.9.3.9 * python311-imagesize-1.4.1-150400.12.3.9 * python311-Twisted-tls-22.10.0-150400.5.10.9 * python311-anyio-3.6.2-150400.9.3.6 * python311-beautifulsoup4-4.12.2-150400.7.3.9 * python311-html5lib-1.1-150400.11.3.8 * python311-elasticsearch-7.6.0-150400.11.3.6 * python311-watchdog-3.0.0-150400.9.3.9 * python311-graphviz-0.20.1-150400.4.3.9 * python311-dnspython-2.3.0-150400.12.3.9 * python311-async_timeout-4.0.2-150400.10.3.9 * python311-parameterized-0.9.0-150400.10.5.9 * python311-service_identity-23.1.0-150400.8.3.8 * 
python311-Twisted-contextvars-22.10.0-150400.5.10.9 * python311-CairoSVG-2.7.1-150400.9.3.8 * python311-constantly-15.1.0-150400.12.3.9 * python311-pyjsparser-2.7.1-150400.9.3.9 * python311-poetry-core-1.6.1-150400.9.3.9 * python311-jsonpointer-2.3-150400.11.3.9 * python311-fastjsonschema-2.16.3-150400.9.3.9 * python311-proxy.py-2.4.3-150400.9.3.9 * python311-pytest-datadir-1.4.1-150400.9.3.9 * python311-typing-inspect-0.8.0-150400.9.3.9 * python311-appdirs-1.4.4-150400.11.3.9 * python311-Twisted-22.10.0-150400.5.10.9 * python311-cssselect2-0.7.0-150400.9.3.9 * python311-hatchling-1.17.0-150400.9.3.9 * python311-Twisted-conch-22.10.0-150400.5.10.9 * python311-itsdangerous-2.1.2-150400.7.3.9 * python311-cairocffi-pixbuf-1.5.1-150400.7.3.8 * python311-flit-scm-1.7.0-150400.9.3.9 * python311-jsonschema-format-4.17.3-150400.14.3.9 * python311-requests-2.31.0-150400.6.5.7 * python311-sphinxcontrib-websupport-1.2.4-150400.13.3.9 * python311-blinker-1.6.2-150400.12.3.8 * python311-markdown-it-py-2.2.0-150400.9.3.6 * python311-pytest-xdist-3.3.1-150400.3.3.9 * python311-re-assert-1.1.0-150400.9.3.9 * python311-Pygments-2.15.1-150400.7.3.9 * python311-sphinxcontrib-jquery-4.1-150400.9.3.9 * python311-tzlocal-4.3-150400.5.3.9 * python311-jaraco.context-4.3.0-150400.9.3.9 * python311-fields-5.0.0-150400.10.3.9 * python311-pytest-timeout-2.1.0-150400.7.3.9 * python311-h11-0.14.0-150400.9.3.9 * python311-py-cpuinfo-9.0.0-150400.9.3.9 * python311-python-dateutil-2.8.2-150400.5.3.9 * python311-pexpect-4.8.0-150400.15.5.9 * python311-sphinx-issues-3.0.1-150400.9.3.8 * python311-hypothesis-6.75.3-150400.3.3.9 * python311-validators-0.20.0-150400.9.3.9 * python311-lark-1.1.5-150400.9.3.9 * python311-pytest-benchmark-4.0.0-150400.9.3.6 * python311-setuptools-67.7.2-150400.3.9.9 * python311-PySocks-1.7.1-150400.11.3.9 * python311-hyperframe-6.0.1-150400.8.3.9 * python311-pluggy-1.0.0-150400.14.3.9 * python311-inflect-6.0.4-150400.9.3.6 * python311-Sphinx-7.0.1-150400.3.3.9 * 
python311-pyasn1-0.5.0-150400.12.3.9 * python311-smmap-5.0.0-150400.9.3.9 * python311-idna-3.4-150400.11.3.9 * python311-backports.entry_points_selectable-1.2.0-150400.9.3.9 * python311-iniconfig-2.0.0-150400.10.3.9 * python311-sphinxcontrib-applehelp-1.0.4-150400.3.3.9 * python311-trove-classifiers-2023.5.2-150400.9.3.9 * python311-urllib3-2.0.6-150400.7.7.1 * python311-flasgger-0.9.7.1-150400.9.3.9 * python311-virtualenv-20.22.0-150400.9.3.9 * python311-uri-template-1.2.0-150400.9.3.9 * python311-ddt-1.6.0-150400.11.3.7 * python311-decorator-5.1.1-150400.12.3.9 * python311-mock-3.0.5-150400.17.3.9 * python311-requests-toolbelt-1.0.0-150400.7.3.8 * python311-pathspec-0.11.1-150400.9.3.9 * python311-autocommand-2.2.2-150400.9.3.9 * python311-elementpath-4.1.5-150400.10.3.8 * python311-exceptiongroup-1.1.2-150400.9.3.9 * python311-pytest-httpserver-1.0.8-150400.9.3.8 * python311-platformdirs-3.5.1-150400.9.5.9 * python311-alabaster-0.7.13-150400.12.3.9 * python311-soupsieve-2.4.1-150400.7.3.9 * python311-u-msgpack-python-2.7.2-150400.12.3.9 * python311-PyMeeus-0.5.12-150400.5.3.9 * python311-hpack-4.0.0-150400.8.3.9 * python311-roman-3.3-150400.9.3.9 * python311-pycparser-2.21-150400.12.3.9 * python311-certifi-2023.7.22-150400.12.3.19 * python311-pathtools-0.1.2-150400.9.3.9 * python311-pyasn1-modules-0.3.0-150400.12.3.9 * python311-elastic-transport-8.4.0-150400.9.3.6 * python311-aiohttp_cors-0.7.0-150400.9.3.6 * python311-async_generator-1.10-150400.10.3.9 * python311-Whoosh-2.7.4-150400.10.3.9 * python311-pytest-regressions-2.4.2-150400.9.3.7 * python311-build-0.10.0-150400.9.3.9 * python311-tinycss2-1.2.1-150400.9.3.9 * python311-pyOpenSSL-23.2.0-150400.3.6.9 * python311-pytest-trio-0.8.0-150400.9.3.8 * python311-path-16.6.0-150400.9.3.9 * python311-attrs-23.1.0-150400.8.3.9 * python311-tomli-w-1.0.0-150400.9.3.9 * python311-wheel-0.40.0-150400.13.3.9 * python311-distlib-0.3.7-150400.9.3.9 * python311-Twisted-all_non_platform-22.10.0-150400.5.10.9 * 
python311-cairocffi-1.5.1-150400.7.3.8 * python311-strict-rfc3339-0.7-150400.10.3.9 * python311-rich-13.3.5-150400.9.3.6 * python311-typing_extensions-4.5.0-150400.3.5.9 * python311-click-8.1.3-150400.7.3.9 * python311-incremental-22.10.0-150400.3.3.9 * python311-parso-0.8.3-150400.11.3.9 * python311-olefile-0.46-150400.11.3.9 * python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.3.9 * python311-cryptography-vectors-41.0.3-150400.7.6.7 * python311-Pallets-Sphinx-Themes-2.1.0-150400.9.3.8 * python311-sphinxcontrib-devhelp-1.0.2-150400.3.3.9 * python311-charset-normalizer-3.1.0-150400.9.3.9 * python311-sphinxcontrib-jsmath-1.0.1-150400.3.3.9 * python311-pytest-freezegun-0.4.2-150400.9.3.9 * python311-text-unidecode-1.3-150400.3.3.9 * python311-toml-0.10.2-150400.5.3.9 * python311-tomli-2.0.1-150400.9.3.9 * python311-zope.event-4.6-150400.11.5.9 * python311-Faker-18.11.1-150400.9.3.9 * python311-Flask-2.3.2-150400.3.6.6 * python311-pyserial-3.5-150400.12.3.9 * python311-GitPython-3.1.34.1693646983.2a2ae77-150400.9.3.7 * python311-aiosignal-1.3.1-150400.9.3.9 * python311-mistune-2.0.5-150400.11.5.9 * python311-pytest-7.3.1-150400.3.3.9 * python311-Deprecated-1.2.14-150400.10.3.9 * python311-filelock-3.12.2-150400.10.3.9 * python311-PyHamcrest-2.0.3-150400.8.3.9 * python311-pybind11-2.10.4-150400.9.3.9 * python311-wsproto-1.2.0-150400.9.3.9 * python311-python-dotenv-1.0.0-150400.9.3.9 * python311-convertdate-2.4.0-150400.5.3.9 * python311-setuptools-rust-1.6.0-150400.9.3.9 * python311-jaraco.functools-3.6.0-150400.9.3.6 * python311-zipp-3.15.0-150400.10.3.9 * python311-rfc3339-validator-0.1.4-150400.9.3.9 * python311-outcome-1.2.0-150400.9.3.9 * python311-contextvars-2.4-150400.10.3.9 * python311-pytest-subtests-0.11.0-150400.9.3.9 * python311-webcolors-1.13-150400.10.3.9 * python311-email-validator-2.0.0-150400.9.3.6 * python311-mypy_extensions-1.0.0-150400.9.3.9 * python311-pytest-rerunfailures-12.0-150400.10.3.9 * python311-editables-0.3-150400.9.3.9 * 
python311-installer-0.7.0-150400.9.3.9 * python311-ptyprocess-0.7.0-150400.11.3.9 * python311-cssselect-1.2.0-150400.12.3.9 * python311-Twisted-serial-22.10.0-150400.5.10.9 * python311-xcffib-1.3.0-150400.7.3.9 * python311-jsonschema-format-nongpl-4.17.3-150400.14.3.9 * python311-snowballstemmer-2.2.0-150400.12.3.9 * python311-apipkg-3.0.1-150400.12.3.9 * python311-pytest-cov-4.1.0-150400.12.3.9 * python311-pytz-deprecation-shim-0.1.0.post0-150400.9.3.9 * python311-arrow-1.2.3-150400.5.3.9 * python311-httpbin-0.7.0+git20181107.f8ec666-150400.11.3.6 * python311-setuptools_scm-7.1.0-150400.5.3.9 * python311-pyparsing-3.0.9-150400.5.3.18 * python311-isoduration-20.11.0-150400.9.3.6 * python311-testpath-0.6.0-150400.5.3.9 * python311-pydantic-1.10.8-150400.9.3.6 * python311-chardet-5.1.0-150400.13.3.9 * python311-sphinxcontrib-qthelp-1.0.3-150400.3.3.9 * python311-sphinx_rtd_theme-1.2.0-150400.12.3.9 * python311-pytest-expect-1.1.0-150400.12.3.9 * python311-semantic_version-2.10.0-150400.9.3.9 * python311-flit-3.8.0-150400.9.3.6 * python311-sphinxcontrib-serializinghtml-1.1.5-150400.3.3.9 * python311-pytz-2023.3-150400.6.3.9 * python311-trio-0.22.0-150400.9.5.8 * python311-h2-4.1.0-150400.8.3.9 * python311-packaging-23.1-150400.8.3.9 * python3-cryptography-vectors-3.3.2-150400.11.3 * python311-webencodings-0.5.1-150400.12.3.9 * python311-execnet-1.9.0-150400.12.3.9 * python311-Werkzeug-2.3.6-150400.6.3.9 * python311-docutils-0.19-150400.11.3.9 * python311-pytest-mock-3.11.1-150400.13.3.9 * python311-isodate-0.6.1-150400.12.3.9 * python311-Automat-22.10.0-150400.3.3.9 * python311-pytest-env-0.8.2-150400.9.3.9 * python311-Babel-2.12.1-150400.8.3.9 * python311-freezegun-1.2.2-150400.7.3.9 * python311-zope.testing-5.0.1-150400.7.3.9 * python311-Twisted-conch_nacl-22.10.0-150400.5.10.9 * python3-kubernetes-26.1.0-150400.16.2 * python311-httpcore-0.17.0-150400.9.3.9 * python311-asn1crypto-1.5.1-150400.12.3.9 * python311-httpx-0.24.0-150400.9.5.6 * 
python311-gunicorn-20.1.0-150400.12.3.9 * python311-pytest-httpbin-1.0.2-150400.12.3.6 * python311-jsonschema-4.17.3-150400.14.3.9 * python311-hyperlink-21.0.0-150400.12.3.9 * python311-xmlschema-2.3.0-150400.10.3.8 * python311-sniffio-1.3.0-150400.9.3.9 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-cryptography-debugsource-3.3.2-150400.20.3 * python3-cryptography-debuginfo-3.3.2-150400.20.3 * python3-cryptography-3.3.2-150400.20.3 * Containers Module 15-SP4 (noarch) * python3-kubernetes-26.1.0-150400.16.2 * Containers Module 15-SP5 (noarch) * python3-kubernetes-26.1.0-150400.16.2 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-Brotli-debuginfo-1.1.0-150400.7.5.10 * 
python-aiohttp-debugsource-3.8.5-150400.10.5.9 * python311-coverage-7.2.5-150400.12.3.12 * python-websockets-debugsource-11.0.3-150400.10.3.11 * python311-simplejson-3.19.1-150400.6.3.10 * python311-wrapt-1.15.0-150400.12.3.11 * python311-regex-debuginfo-2023.5.5-150400.5.3.11 * python311-MarkupSafe-debuginfo-2.1.3-150400.11.3.12 * python311-gitdb-4.0.10-150400.9.3.9 * python-cryptography-debugsource-41.0.3-150400.16.9.12 * python-Pillow-debugsource-9.5.0-150400.5.3.11 * python311-aiohttp-debuginfo-3.8.5-150400.10.5.9 * python311-SQLAlchemy-2.0.19-150400.6.5.12 * python311-immutables-0.19-150400.10.3.11 * python311-zope.interface-debuginfo-6.0-150400.12.3.10 * python-PyNaCl-debugsource-1.5.0-150400.12.3.18 * python-psutil-debugsource-5.9.5-150400.6.5.10 * python311-cryptography-41.0.3-150400.16.9.12 * python311-frozenlist-1.3.3-150400.9.3.10 * python-pyrsistent-debugsource-0.19.3-150400.10.3.11 * python-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-libcst-debuginfo-0.4.9-150400.9.3.13 * python-MarkupSafe-debugsource-2.1.3-150400.11.3.12 * python-ruamel.yaml.clib-debugsource-0.2.7-150400.5.3.11 * python-numpy-debugsource-1.24.2-150400.23.12.8 * python-tornado6-debugsource-6.3.2-150400.9.3.12 * python-wrapt-debugsource-1.15.0-150400.12.3.11 * python-pycares-debugsource-4.3.0-150400.9.3.11 * python-Brotli-debugsource-1.1.0-150400.7.5.10 * python311-httptools-0.5.0-150400.9.5.8 * python311-websockets-debuginfo-11.0.3-150400.10.3.11 * python311-lxml-debuginfo-4.9.3-150400.8.5.8 * python-multidict-debugsource-6.0.4-150400.7.3.10 * python311-multidict-debuginfo-6.0.4-150400.7.3.10 * python311-ruamel.yaml.clib-debuginfo-0.2.7-150400.5.3.11 * python311-websockets-11.0.3-150400.10.3.11 * python311-Pillow-9.5.0-150400.5.3.11 * python311-tornado6-debuginfo-6.3.2-150400.9.3.12 * python311-fasttext-debuginfo-0.9.2-150400.9.3.12 * python311-yarl-1.9.2-150400.8.3.12 * python-Cython-debugsource-3.0.2-150400.108.5.12 * python-simplejson-debugsource-3.19.1-150400.6.3.10 * 
python-frozenlist-debugsource-1.3.3-150400.9.3.10 * python311-tornado6-6.3.2-150400.9.3.12 * python311-MarkupSafe-2.1.3-150400.11.3.12 * python311-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-multidict-6.0.4-150400.7.3.10 * python311-wrapt-debuginfo-1.15.0-150400.12.3.11 * python-coverage-debugsource-7.2.5-150400.12.3.12 * python311-PyNaCl-1.5.0-150400.12.3.18 * python311-PyYAML-6.0.1-150400.5.5.7 * python311-gevent-debuginfo-23.9.0-150400.13.6.1 * python311-gevent-23.9.0-150400.13.6.1 * python-httptools-debugsource-0.5.0-150400.9.5.8 * python311-pyrsistent-0.19.3-150400.10.3.11 * python-SQLAlchemy-debugsource-2.0.19-150400.6.5.12 * python311-greenlet-2.0.2-150400.12.3.13 * python311-pycurl-debuginfo-7.45.2-150400.13.3.12 * python311-pycares-debuginfo-4.3.0-150400.9.3.11 * python311-frozenlist-debuginfo-1.3.3-150400.9.3.10 * python311-Jinja2-3.1.2-150400.12.3.9 * python311-aiohttp-3.8.5-150400.10.5.9 * python311-cffi-1.15.1-150400.8.3.12 * python311-coverage-debuginfo-7.2.5-150400.12.3.12 * python311-immutables-debuginfo-0.19-150400.10.3.11 * python-zope.interface-debugsource-6.0-150400.12.3.10 * python311-bcrypt-debuginfo-4.0.1-150400.5.3.14 * python311-Genshi-debuginfo-0.7.7-150400.11.3.10 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.3.11 * python311-PyYAML-debuginfo-6.0.1-150400.5.5.7 * python-greenlet-debugsource-2.0.2-150400.12.3.13 * python311-pyrsistent-debuginfo-0.19.3-150400.10.3.11 * python-cffi-debugsource-1.15.1-150400.8.3.12 * python311-numpy-debuginfo-1.24.2-150400.23.12.8 * python311-Brotli-1.1.0-150400.7.5.10 * python-yarl-debugsource-1.9.2-150400.8.3.12 * python-lxml-debugsource-4.9.3-150400.8.5.8 * python311-libcst-0.4.9-150400.9.3.13 * python311-cffi-debuginfo-1.15.1-150400.8.3.12 * python311-PyNaCl-debuginfo-1.5.0-150400.12.3.18 * python311-psutil-debuginfo-5.9.5-150400.6.5.10 * python-pycurl-debugsource-7.45.2-150400.13.3.12 * python-fasttext-debugsource-0.9.2-150400.9.3.12 * python311-yarl-debuginfo-1.9.2-150400.8.3.12 * 
python-gevent-debugsource-23.9.0-150400.13.6.1 * python-regex-debugsource-2023.5.5-150400.5.3.11 * python311-cryptography-debuginfo-41.0.3-150400.16.9.12 * python-pycurl-test-debugsource-7.45.2-150400.13.3.9 * python311-pycurl-7.45.2-150400.13.3.12 * python311-greenlet-debuginfo-2.0.2-150400.12.3.13 * python311-lxml-4.9.3-150400.8.5.8 * python-immutables-debugsource-0.19-150400.10.3.11 * python311-simplejson-debuginfo-3.19.1-150400.6.3.10 * python311-pycares-4.3.0-150400.9.3.11 * python-PyYAML-debugsource-6.0.1-150400.5.5.7 * python311-zope.interface-6.0-150400.12.3.10 * python311-bcrypt-4.0.1-150400.5.3.14 * python-Genshi-debugsource-0.7.7-150400.11.3.10 * python311-Pillow-tk-9.5.0-150400.5.3.11 * python311-psutil-5.9.5-150400.6.5.10 * python311-httptools-debuginfo-0.5.0-150400.9.5.8 * python311-regex-2023.5.5-150400.5.3.11 * python311-SQLAlchemy-debuginfo-2.0.19-150400.6.5.12 * python311-Cython-debuginfo-3.0.2-150400.108.5.12 * python311-numpy-1.24.2-150400.23.12.8 * python311-Cython-3.0.2-150400.108.5.12 * Python 3 Module 15-SP4 (aarch64 ppc64le x86_64) * python311-numpy_1_24_2-gnu-hpc-debuginfo-1.24.2-150400.23.12.7 * python311-numpy_1_24_2-gnu-hpc-1.24.2-150400.23.12.7 * python-numpy_1_24_2-gnu-hpc-debugsource-1.24.2-150400.23.12.7 * python311-numpy-gnu-hpc-1.24.2-150400.23.12.7 * Python 3 Module 15-SP4 (noarch) * python311-rfc3986-validator-0.1.1-150400.9.3.9 * python311-sortedcontainers-2.4.0-150400.8.3.9 * python311-Twisted-http2-22.10.0-150400.5.10.9 * python311-dpcontracts-0.6.0-150400.9.3.9 * python311-uc-micro-py-1.0.1-150400.9.3.9 * python311-importlib-metadata-6.8.0-150400.10.5.9 * python311-mdurl-0.1.2-150400.9.3.6 * python311-defusedxml-0.7.1-150400.7.3.8 * python311-pyproject-hooks-1.0.0-150400.9.3.9 * python311-more-itertools-9.1.0-150400.3.3.9 * python311-pip-22.3.1-150400.17.9.9 * python311-fqdn-1.5.1-150400.9.5.9 * python311-jaraco.classes-3.2.3-150400.9.3.9 * python311-pytest-asyncio-0.21.1-150400.10.3.9 * 
python311-jaraco.packaging-9.2.0-150400.9.3.7 * python311-sphinx-version-warning-1.1.2-150400.9.3.9 * python311-trustme-1.0.0-150400.5.3.8 * python311-sh-2.0.4-150400.9.3.9 * python311-pytest-xprocess-0.22.2-150400.9.3.9 * python311-responses-0.23.1-150400.6.3.6 * python311-py-1.11.0-150400.12.3.9 * python311-priority-2.0.0-150400.9.3.9 * python311-six-1.16.0-150400.18.3.9 * python311-flit-core-3.8.0-150400.9.3.9 * python311-rfc3987-1.3.8-150400.10.3.9 * python311-validate_email-1.3-150400.9.3.9 * python311-calver-2022.6.26-150400.9.3.9 * python311-imagesize-1.4.1-150400.12.3.9 * python311-Twisted-tls-22.10.0-150400.5.10.9 * python311-anyio-3.6.2-150400.9.3.6 * python311-beautifulsoup4-4.12.2-150400.7.3.9 * python311-html5lib-1.1-150400.11.3.8 * python311-elasticsearch-7.6.0-150400.11.3.6 * python311-watchdog-3.0.0-150400.9.3.9 * python311-graphviz-0.20.1-150400.4.3.9 * python311-dnspython-2.3.0-150400.12.3.9 * python311-async_timeout-4.0.2-150400.10.3.9 * python311-parameterized-0.9.0-150400.10.5.9 * python311-service_identity-23.1.0-150400.8.3.8 * python311-Twisted-contextvars-22.10.0-150400.5.10.9 * python311-CairoSVG-2.7.1-150400.9.3.8 * python311-constantly-15.1.0-150400.12.3.9 * python311-pyjsparser-2.7.1-150400.9.3.9 * python311-poetry-core-1.6.1-150400.9.3.9 * python311-jsonpointer-2.3-150400.11.3.9 * python311-fastjsonschema-2.16.3-150400.9.3.9 * python311-proxy.py-2.4.3-150400.9.3.9 * python311-pytest-datadir-1.4.1-150400.9.3.9 * python311-typing-inspect-0.8.0-150400.9.3.9 * python311-appdirs-1.4.4-150400.11.3.9 * python311-Twisted-22.10.0-150400.5.10.9 * python311-cssselect2-0.7.0-150400.9.3.9 * python311-hatchling-1.17.0-150400.9.3.9 * python311-Twisted-conch-22.10.0-150400.5.10.9 * python311-itsdangerous-2.1.2-150400.7.3.9 * python311-cairocffi-pixbuf-1.5.1-150400.7.3.8 * python311-flit-scm-1.7.0-150400.9.3.9 * python311-jsonschema-format-4.17.3-150400.14.3.9 * python311-requests-2.31.0-150400.6.5.7 * 
python311-sphinxcontrib-websupport-1.2.4-150400.13.3.9 * python311-blinker-1.6.2-150400.12.3.8 * python311-markdown-it-py-2.2.0-150400.9.3.6 * python311-pytest-xdist-3.3.1-150400.3.3.9 * python311-re-assert-1.1.0-150400.9.3.9 * python311-Pygments-2.15.1-150400.7.3.9 * python311-sphinxcontrib-jquery-4.1-150400.9.3.9 * python311-tzlocal-4.3-150400.5.3.9 * python311-jaraco.context-4.3.0-150400.9.3.9 * python311-fields-5.0.0-150400.10.3.9 * python311-pytest-timeout-2.1.0-150400.7.3.9 * python311-h11-0.14.0-150400.9.3.9 * python311-py-cpuinfo-9.0.0-150400.9.3.9 * python311-python-dateutil-2.8.2-150400.5.3.9 * python311-pexpect-4.8.0-150400.15.5.9 * python311-sphinx-issues-3.0.1-150400.9.3.8 * python311-hypothesis-6.75.3-150400.3.3.9 * python311-validators-0.20.0-150400.9.3.9 * python311-lark-1.1.5-150400.9.3.9 * python311-pytest-benchmark-4.0.0-150400.9.3.6 * python311-setuptools-67.7.2-150400.3.9.9 * python311-PySocks-1.7.1-150400.11.3.9 * python311-hyperframe-6.0.1-150400.8.3.9 * python311-pluggy-1.0.0-150400.14.3.9 * python311-inflect-6.0.4-150400.9.3.6 * python311-Sphinx-7.0.1-150400.3.3.9 * python311-pyasn1-0.5.0-150400.12.3.9 * python311-smmap-5.0.0-150400.9.3.9 * python311-idna-3.4-150400.11.3.9 * python311-backports.entry_points_selectable-1.2.0-150400.9.3.9 * python311-iniconfig-2.0.0-150400.10.3.9 * python311-sphinxcontrib-applehelp-1.0.4-150400.3.3.9 * python311-trove-classifiers-2023.5.2-150400.9.3.9 * python311-urllib3-2.0.6-150400.7.7.1 * python311-flasgger-0.9.7.1-150400.9.3.9 * python311-virtualenv-20.22.0-150400.9.3.9 * python311-uri-template-1.2.0-150400.9.3.9 * python311-ddt-1.6.0-150400.11.3.7 * python311-decorator-5.1.1-150400.12.3.9 * python311-mock-3.0.5-150400.17.3.9 * python311-requests-toolbelt-1.0.0-150400.7.3.8 * python311-pathspec-0.11.1-150400.9.3.9 * python311-autocommand-2.2.2-150400.9.3.9 * python311-elementpath-4.1.5-150400.10.3.8 * python311-exceptiongroup-1.1.2-150400.9.3.9 * python311-pytest-httpserver-1.0.8-150400.9.3.8 * 
python311-platformdirs-3.5.1-150400.9.5.9 * python311-alabaster-0.7.13-150400.12.3.9 * python311-soupsieve-2.4.1-150400.7.3.9 * python311-u-msgpack-python-2.7.2-150400.12.3.9 * python311-PyMeeus-0.5.12-150400.5.3.9 * python311-hpack-4.0.0-150400.8.3.9 * python311-roman-3.3-150400.9.3.9 * python311-pycparser-2.21-150400.12.3.9 * python311-certifi-2023.7.22-150400.12.3.19 * python311-pathtools-0.1.2-150400.9.3.9 * python311-pyasn1-modules-0.3.0-150400.12.3.9 * python311-elastic-transport-8.4.0-150400.9.3.6 * python311-aiohttp_cors-0.7.0-150400.9.3.6 * python311-async_generator-1.10-150400.10.3.9 * python311-Whoosh-2.7.4-150400.10.3.9 * python311-pytest-regressions-2.4.2-150400.9.3.7 * python311-build-0.10.0-150400.9.3.9 * python311-tinycss2-1.2.1-150400.9.3.9 * python311-pyOpenSSL-23.2.0-150400.3.6.9 * python311-pytest-trio-0.8.0-150400.9.3.8 * python311-path-16.6.0-150400.9.3.9 * python311-attrs-23.1.0-150400.8.3.9 * python311-tomli-w-1.0.0-150400.9.3.9 * python311-wheel-0.40.0-150400.13.3.9 * python311-distlib-0.3.7-150400.9.3.9 * python311-Twisted-all_non_platform-22.10.0-150400.5.10.9 * python311-cairocffi-1.5.1-150400.7.3.8 * python311-strict-rfc3339-0.7-150400.10.3.9 * python311-rich-13.3.5-150400.9.3.6 * python311-typing_extensions-4.5.0-150400.3.5.9 * python311-click-8.1.3-150400.7.3.9 * python311-incremental-22.10.0-150400.3.3.9 * python311-parso-0.8.3-150400.11.3.9 * python311-olefile-0.46-150400.11.3.9 * python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.3.9 * python311-cryptography-vectors-41.0.3-150400.7.6.7 * python311-Pallets-Sphinx-Themes-2.1.0-150400.9.3.8 * python311-sphinxcontrib-devhelp-1.0.2-150400.3.3.9 * python311-charset-normalizer-3.1.0-150400.9.3.9 * python311-sphinxcontrib-jsmath-1.0.1-150400.3.3.9 * python311-pytest-freezegun-0.4.2-150400.9.3.9 * python311-text-unidecode-1.3-150400.3.3.9 * python311-toml-0.10.2-150400.5.3.9 * python311-tomli-2.0.1-150400.9.3.9 * python311-zope.event-4.6-150400.11.5.9 * python311-Faker-18.11.1-150400.9.3.9 * 
python311-Flask-2.3.2-150400.3.6.6 * python311-pyserial-3.5-150400.12.3.9 * python311-GitPython-3.1.34.1693646983.2a2ae77-150400.9.3.7 * python311-aiosignal-1.3.1-150400.9.3.9 * python311-mistune-2.0.5-150400.11.5.9 * python311-pytest-7.3.1-150400.3.3.9 * python311-Deprecated-1.2.14-150400.10.3.9 * python311-filelock-3.12.2-150400.10.3.9 * python311-PyHamcrest-2.0.3-150400.8.3.9 * python311-pybind11-2.10.4-150400.9.3.9 * python311-wsproto-1.2.0-150400.9.3.9 * python311-python-dotenv-1.0.0-150400.9.3.9 * python311-convertdate-2.4.0-150400.5.3.9 * python311-setuptools-rust-1.6.0-150400.9.3.9 * python311-jaraco.functools-3.6.0-150400.9.3.6 * python311-zipp-3.15.0-150400.10.3.9 * python311-rfc3339-validator-0.1.4-150400.9.3.9 * python311-outcome-1.2.0-150400.9.3.9 * python311-contextvars-2.4-150400.10.3.9 * python311-pytest-subtests-0.11.0-150400.9.3.9 * python311-webcolors-1.13-150400.10.3.9 * python311-email-validator-2.0.0-150400.9.3.6 * python311-mypy_extensions-1.0.0-150400.9.3.9 * python311-pytest-rerunfailures-12.0-150400.10.3.9 * python311-editables-0.3-150400.9.3.9 * python311-installer-0.7.0-150400.9.3.9 * python311-ptyprocess-0.7.0-150400.11.3.9 * python311-cssselect-1.2.0-150400.12.3.9 * python311-Twisted-serial-22.10.0-150400.5.10.9 * python311-xcffib-1.3.0-150400.7.3.9 * python311-jsonschema-format-nongpl-4.17.3-150400.14.3.9 * python311-snowballstemmer-2.2.0-150400.12.3.9 * python311-apipkg-3.0.1-150400.12.3.9 * python311-pytest-cov-4.1.0-150400.12.3.9 * python311-pytz-deprecation-shim-0.1.0.post0-150400.9.3.9 * python311-arrow-1.2.3-150400.5.3.9 * python311-httpbin-0.7.0+git20181107.f8ec666-150400.11.3.6 * python311-setuptools_scm-7.1.0-150400.5.3.9 * python311-pyparsing-3.0.9-150400.5.3.18 * python311-isoduration-20.11.0-150400.9.3.6 * python311-testpath-0.6.0-150400.5.3.9 * python311-pydantic-1.10.8-150400.9.3.6 * python311-chardet-5.1.0-150400.13.3.9 * python311-sphinxcontrib-qthelp-1.0.3-150400.3.3.9 * python311-sphinx_rtd_theme-1.2.0-150400.12.3.9 
* python311-pytest-expect-1.1.0-150400.12.3.9 * python311-semantic_version-2.10.0-150400.9.3.9 * python311-flit-3.8.0-150400.9.3.6 * python311-sphinxcontrib-serializinghtml-1.1.5-150400.3.3.9 * python311-pytz-2023.3-150400.6.3.9 * python311-trio-0.22.0-150400.9.5.8 * python311-h2-4.1.0-150400.8.3.9 * python311-packaging-23.1-150400.8.3.9 * python311-webencodings-0.5.1-150400.12.3.9 * python311-execnet-1.9.0-150400.12.3.9 * python311-Werkzeug-2.3.6-150400.6.3.9 * python311-docutils-0.19-150400.11.3.9 * python311-pytest-mock-3.11.1-150400.13.3.9 * python311-isodate-0.6.1-150400.12.3.9 * python311-Automat-22.10.0-150400.3.3.9 * python311-pytest-env-0.8.2-150400.9.3.9 * python311-Babel-2.12.1-150400.8.3.9 * python311-freezegun-1.2.2-150400.7.3.9 * python311-zope.testing-5.0.1-150400.7.3.9 * python311-Twisted-conch_nacl-22.10.0-150400.5.10.9 * python311-httpcore-0.17.0-150400.9.3.9 * python311-asn1crypto-1.5.1-150400.12.3.9 * python311-httpx-0.24.0-150400.9.5.6 * python311-gunicorn-20.1.0-150400.12.3.9 * python311-pytest-httpbin-1.0.2-150400.12.3.6 * python311-jsonschema-4.17.3-150400.14.3.9 * python311-hyperlink-21.0.0-150400.12.3.9 * python311-xmlschema-2.3.0-150400.10.3.8 * python311-sniffio-1.3.0-150400.9.3.9 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-Brotli-debuginfo-1.1.0-150400.7.5.10 * python-aiohttp-debugsource-3.8.5-150400.10.5.9 * python311-coverage-7.2.5-150400.12.3.12 * python-websockets-debugsource-11.0.3-150400.10.3.11 * python311-simplejson-3.19.1-150400.6.3.10 * python311-wrapt-1.15.0-150400.12.3.11 * python311-regex-debuginfo-2023.5.5-150400.5.3.11 * python311-MarkupSafe-debuginfo-2.1.3-150400.11.3.12 * python311-gitdb-4.0.10-150400.9.3.9 * python-cryptography-debugsource-41.0.3-150400.16.9.12 * python-Pillow-debugsource-9.5.0-150400.5.3.11 * python311-aiohttp-debuginfo-3.8.5-150400.10.5.9 * python311-SQLAlchemy-2.0.19-150400.6.5.12 * python311-immutables-0.19-150400.10.3.11 * 
python311-zope.interface-debuginfo-6.0-150400.12.3.10 * python-PyNaCl-debugsource-1.5.0-150400.12.3.18 * python-psutil-debugsource-5.9.5-150400.6.5.10 * python311-cryptography-41.0.3-150400.16.9.12 * python311-frozenlist-1.3.3-150400.9.3.10 * python-pyrsistent-debugsource-0.19.3-150400.10.3.11 * python-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-libcst-debuginfo-0.4.9-150400.9.3.13 * python-MarkupSafe-debugsource-2.1.3-150400.11.3.12 * python-ruamel.yaml.clib-debugsource-0.2.7-150400.5.3.11 * python-numpy-debugsource-1.24.2-150400.23.12.8 * python-tornado6-debugsource-6.3.2-150400.9.3.12 * python-wrapt-debugsource-1.15.0-150400.12.3.11 * python-pycares-debugsource-4.3.0-150400.9.3.11 * python-Brotli-debugsource-1.1.0-150400.7.5.10 * python311-httptools-0.5.0-150400.9.5.8 * python311-websockets-debuginfo-11.0.3-150400.10.3.11 * python311-lxml-debuginfo-4.9.3-150400.8.5.8 * python-multidict-debugsource-6.0.4-150400.7.3.10 * python311-multidict-debuginfo-6.0.4-150400.7.3.10 * python311-ruamel.yaml.clib-debuginfo-0.2.7-150400.5.3.11 * python311-websockets-11.0.3-150400.10.3.11 * python311-Pillow-9.5.0-150400.5.3.11 * python311-tornado6-debuginfo-6.3.2-150400.9.3.12 * python311-fasttext-debuginfo-0.9.2-150400.9.3.12 * python311-yarl-1.9.2-150400.8.3.12 * python-Cython-debugsource-3.0.2-150400.108.5.12 * python-simplejson-debugsource-3.19.1-150400.6.3.10 * python-frozenlist-debugsource-1.3.3-150400.9.3.10 * python311-tornado6-6.3.2-150400.9.3.12 * python311-MarkupSafe-2.1.3-150400.11.3.12 * python311-Pillow-debuginfo-9.5.0-150400.5.3.11 * python311-multidict-6.0.4-150400.7.3.10 * python311-wrapt-debuginfo-1.15.0-150400.12.3.11 * python-coverage-debugsource-7.2.5-150400.12.3.12 * python311-PyNaCl-1.5.0-150400.12.3.18 * python311-PyYAML-6.0.1-150400.5.5.7 * python311-gevent-debuginfo-23.9.0-150400.13.6.1 * python311-gevent-23.9.0-150400.13.6.1 * python-httptools-debugsource-0.5.0-150400.9.5.8 * python311-pyrsistent-0.19.3-150400.10.3.11 * 
python-SQLAlchemy-debugsource-2.0.19-150400.6.5.12 * python311-greenlet-2.0.2-150400.12.3.13 * python311-pycurl-debuginfo-7.45.2-150400.13.3.12 * python311-pycares-debuginfo-4.3.0-150400.9.3.11 * python311-frozenlist-debuginfo-1.3.3-150400.9.3.10 * python311-Jinja2-3.1.2-150400.12.3.9 * python311-aiohttp-3.8.5-150400.10.5.9 * python311-cffi-1.15.1-150400.8.3.12 * python311-coverage-debuginfo-7.2.5-150400.12.3.12 * python311-immutables-debuginfo-0.19-150400.10.3.11 * python-zope.interface-debugsource-6.0-150400.12.3.10 * python311-bcrypt-debuginfo-4.0.1-150400.5.3.14 * python311-Genshi-debuginfo-0.7.7-150400.11.3.10 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.3.11 * python311-PyYAML-debuginfo-6.0.1-150400.5.5.7 * python-greenlet-debugsource-2.0.2-150400.12.3.13 * python311-pyrsistent-debuginfo-0.19.3-150400.10.3.11 * python-cffi-debugsource-1.15.1-150400.8.3.12 * python311-numpy-debuginfo-1.24.2-150400.23.12.8 * python311-Brotli-1.1.0-150400.7.5.10 * python-yarl-debugsource-1.9.2-150400.8.3.12 * python-lxml-debugsource-4.9.3-150400.8.5.8 * python311-libcst-0.4.9-150400.9.3.13 * python311-cffi-debuginfo-1.15.1-150400.8.3.12 * python311-PyNaCl-debuginfo-1.5.0-150400.12.3.18 * python311-psutil-debuginfo-5.9.5-150400.6.5.10 * python-pycurl-debugsource-7.45.2-150400.13.3.12 * python-fasttext-debugsource-0.9.2-150400.9.3.12 * python311-yarl-debuginfo-1.9.2-150400.8.3.12 * python-gevent-debugsource-23.9.0-150400.13.6.1 * python-regex-debugsource-2023.5.5-150400.5.3.11 * python311-cryptography-debuginfo-41.0.3-150400.16.9.12 * python-pycurl-test-debugsource-7.45.2-150400.13.3.9 * python311-pycurl-7.45.2-150400.13.3.12 * python311-greenlet-debuginfo-2.0.2-150400.12.3.13 * python311-lxml-4.9.3-150400.8.5.8 * python-immutables-debugsource-0.19-150400.10.3.11 * python311-simplejson-debuginfo-3.19.1-150400.6.3.10 * python311-pycares-4.3.0-150400.9.3.11 * python-PyYAML-debugsource-6.0.1-150400.5.5.7 * python311-zope.interface-6.0-150400.12.3.10 * 
python311-bcrypt-4.0.1-150400.5.3.14 * python-Genshi-debugsource-0.7.7-150400.11.3.10 * python311-Pillow-tk-9.5.0-150400.5.3.11 * python311-psutil-5.9.5-150400.6.5.10 * python311-httptools-debuginfo-0.5.0-150400.9.5.8 * python311-regex-2023.5.5-150400.5.3.11 * python311-SQLAlchemy-debuginfo-2.0.19-150400.6.5.12 * python311-Cython-debuginfo-3.0.2-150400.108.5.12 * python311-numpy-1.24.2-150400.23.12.8 * python311-Cython-3.0.2-150400.108.5.12 * Python 3 Module 15-SP5 (aarch64 ppc64le x86_64) * python311-numpy_1_24_2-gnu-hpc-debuginfo-1.24.2-150400.23.12.7 * python311-numpy_1_24_2-gnu-hpc-1.24.2-150400.23.12.7 * python-numpy_1_24_2-gnu-hpc-debugsource-1.24.2-150400.23.12.7 * python311-numpy-gnu-hpc-1.24.2-150400.23.12.7 * Python 3 Module 15-SP5 (noarch) * python311-rfc3986-validator-0.1.1-150400.9.3.9 * python311-sortedcontainers-2.4.0-150400.8.3.9 * python311-Twisted-http2-22.10.0-150400.5.10.9 * python311-dpcontracts-0.6.0-150400.9.3.9 * python311-uc-micro-py-1.0.1-150400.9.3.9 * python311-importlib-metadata-6.8.0-150400.10.5.9 * python311-mdurl-0.1.2-150400.9.3.6 * python311-defusedxml-0.7.1-150400.7.3.8 * python311-pyproject-hooks-1.0.0-150400.9.3.9 * python311-more-itertools-9.1.0-150400.3.3.9 * python311-pip-22.3.1-150400.17.9.9 * python311-fqdn-1.5.1-150400.9.5.9 * python311-jaraco.classes-3.2.3-150400.9.3.9 * python311-pytest-asyncio-0.21.1-150400.10.3.9 * python311-jaraco.packaging-9.2.0-150400.9.3.7 * python311-sphinx-version-warning-1.1.2-150400.9.3.9 * python311-trustme-1.0.0-150400.5.3.8 * python311-sh-2.0.4-150400.9.3.9 * python311-pytest-xprocess-0.22.2-150400.9.3.9 * python311-responses-0.23.1-150400.6.3.6 * python311-py-1.11.0-150400.12.3.9 * python311-priority-2.0.0-150400.9.3.9 * python311-six-1.16.0-150400.18.3.9 * python311-flit-core-3.8.0-150400.9.3.9 * python311-rfc3987-1.3.8-150400.10.3.9 * python311-validate_email-1.3-150400.9.3.9 * python311-calver-2022.6.26-150400.9.3.9 * python311-imagesize-1.4.1-150400.12.3.9 * 
python311-Twisted-tls-22.10.0-150400.5.10.9 * python311-anyio-3.6.2-150400.9.3.6 * python311-beautifulsoup4-4.12.2-150400.7.3.9 * python311-html5lib-1.1-150400.11.3.8 * python311-elasticsearch-7.6.0-150400.11.3.6 * python311-watchdog-3.0.0-150400.9.3.9 * python311-graphviz-0.20.1-150400.4.3.9 * python311-dnspython-2.3.0-150400.12.3.9 * python311-async_timeout-4.0.2-150400.10.3.9 * python311-parameterized-0.9.0-150400.10.5.9 * python311-service_identity-23.1.0-150400.8.3.8 * python311-Twisted-contextvars-22.10.0-150400.5.10.9 * python311-CairoSVG-2.7.1-150400.9.3.8 * python311-constantly-15.1.0-150400.12.3.9 * python311-pyjsparser-2.7.1-150400.9.3.9 * python311-poetry-core-1.6.1-150400.9.3.9 * python311-jsonpointer-2.3-150400.11.3.9 * python311-fastjsonschema-2.16.3-150400.9.3.9 * python311-proxy.py-2.4.3-150400.9.3.9 * python311-pytest-datadir-1.4.1-150400.9.3.9 * python311-typing-inspect-0.8.0-150400.9.3.9 * python311-appdirs-1.4.4-150400.11.3.9 * python311-Twisted-22.10.0-150400.5.10.9 * python311-cssselect2-0.7.0-150400.9.3.9 * python311-hatchling-1.17.0-150400.9.3.9 * python311-Twisted-conch-22.10.0-150400.5.10.9 * python311-itsdangerous-2.1.2-150400.7.3.9 * python311-cairocffi-pixbuf-1.5.1-150400.7.3.8 * python311-flit-scm-1.7.0-150400.9.3.9 * python311-jsonschema-format-4.17.3-150400.14.3.9 * python311-requests-2.31.0-150400.6.5.7 * python311-sphinxcontrib-websupport-1.2.4-150400.13.3.9 * python311-blinker-1.6.2-150400.12.3.8 * python311-markdown-it-py-2.2.0-150400.9.3.6 * python311-pytest-xdist-3.3.1-150400.3.3.9 * python311-re-assert-1.1.0-150400.9.3.9 * python311-Pygments-2.15.1-150400.7.3.9 * python311-sphinxcontrib-jquery-4.1-150400.9.3.9 * python311-tzlocal-4.3-150400.5.3.9 * python311-jaraco.context-4.3.0-150400.9.3.9 * python311-fields-5.0.0-150400.10.3.9 * python311-pytest-timeout-2.1.0-150400.7.3.9 * python311-h11-0.14.0-150400.9.3.9 * python311-py-cpuinfo-9.0.0-150400.9.3.9 * python311-python-dateutil-2.8.2-150400.5.3.9 * 
python311-pexpect-4.8.0-150400.15.5.9 * python311-sphinx-issues-3.0.1-150400.9.3.8 * python311-hypothesis-6.75.3-150400.3.3.9 * python311-validators-0.20.0-150400.9.3.9 * python311-lark-1.1.5-150400.9.3.9 * python311-pytest-benchmark-4.0.0-150400.9.3.6 * python311-setuptools-67.7.2-150400.3.9.9 * python311-PySocks-1.7.1-150400.11.3.9 * python311-hyperframe-6.0.1-150400.8.3.9 * python311-pluggy-1.0.0-150400.14.3.9 * python311-inflect-6.0.4-150400.9.3.6 * python311-Sphinx-7.0.1-150400.3.3.9 * python311-pyasn1-0.5.0-150400.12.3.9 * python311-smmap-5.0.0-150400.9.3.9 * python311-idna-3.4-150400.11.3.9 * python311-backports.entry_points_selectable-1.2.0-150400.9.3.9 * python311-iniconfig-2.0.0-150400.10.3.9 * python311-sphinxcontrib-applehelp-1.0.4-150400.3.3.9 * python311-trove-classifiers-2023.5.2-150400.9.3.9 * python311-urllib3-2.0.6-150400.7.7.1 * python311-flasgger-0.9.7.1-150400.9.3.9 * python311-virtualenv-20.22.0-150400.9.3.9 * python311-uri-template-1.2.0-150400.9.3.9 * python311-ddt-1.6.0-150400.11.3.7 * python311-decorator-5.1.1-150400.12.3.9 * python311-mock-3.0.5-150400.17.3.9 * python311-requests-toolbelt-1.0.0-150400.7.3.8 * python311-pathspec-0.11.1-150400.9.3.9 * python311-autocommand-2.2.2-150400.9.3.9 * python311-elementpath-4.1.5-150400.10.3.8 * python311-exceptiongroup-1.1.2-150400.9.3.9 * python311-pytest-httpserver-1.0.8-150400.9.3.8 * python311-platformdirs-3.5.1-150400.9.5.9 * python311-alabaster-0.7.13-150400.12.3.9 * python311-soupsieve-2.4.1-150400.7.3.9 * python311-u-msgpack-python-2.7.2-150400.12.3.9 * python311-PyMeeus-0.5.12-150400.5.3.9 * python311-hpack-4.0.0-150400.8.3.9 * python311-roman-3.3-150400.9.3.9 * python311-pycparser-2.21-150400.12.3.9 * python311-certifi-2023.7.22-150400.12.3.19 * python311-pathtools-0.1.2-150400.9.3.9 * python311-pyasn1-modules-0.3.0-150400.12.3.9 * python311-elastic-transport-8.4.0-150400.9.3.6 * python311-aiohttp_cors-0.7.0-150400.9.3.6 * python311-async_generator-1.10-150400.10.3.9 * 
python311-Whoosh-2.7.4-150400.10.3.9 * python311-pytest-regressions-2.4.2-150400.9.3.7 * python311-build-0.10.0-150400.9.3.9 * python311-tinycss2-1.2.1-150400.9.3.9 * python311-pyOpenSSL-23.2.0-150400.3.6.9 * python311-pytest-trio-0.8.0-150400.9.3.8 * python311-path-16.6.0-150400.9.3.9 * python311-attrs-23.1.0-150400.8.3.9 * python311-tomli-w-1.0.0-150400.9.3.9 * python311-wheel-0.40.0-150400.13.3.9 * python311-distlib-0.3.7-150400.9.3.9 * python311-Twisted-all_non_platform-22.10.0-150400.5.10.9 * python311-cairocffi-1.5.1-150400.7.3.8 * python311-strict-rfc3339-0.7-150400.10.3.9 * python311-rich-13.3.5-150400.9.3.6 * python311-typing_extensions-4.5.0-150400.3.5.9 * python311-click-8.1.3-150400.7.3.9 * python311-incremental-22.10.0-150400.3.3.9 * python311-parso-0.8.3-150400.11.3.9 * python311-olefile-0.46-150400.11.3.9 * python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.3.9 * python311-cryptography-vectors-41.0.3-150400.7.6.7 * python311-Pallets-Sphinx-Themes-2.1.0-150400.9.3.8 * python311-sphinxcontrib-devhelp-1.0.2-150400.3.3.9 * python311-charset-normalizer-3.1.0-150400.9.3.9 * python311-sphinxcontrib-jsmath-1.0.1-150400.3.3.9 * python311-pytest-freezegun-0.4.2-150400.9.3.9 * python311-text-unidecode-1.3-150400.3.3.9 * python311-toml-0.10.2-150400.5.3.9 * python311-tomli-2.0.1-150400.9.3.9 * python311-zope.event-4.6-150400.11.5.9 * python311-Faker-18.11.1-150400.9.3.9 * python311-Flask-2.3.2-150400.3.6.6 * python311-pyserial-3.5-150400.12.3.9 * python311-GitPython-3.1.34.1693646983.2a2ae77-150400.9.3.7 * python311-aiosignal-1.3.1-150400.9.3.9 * python311-mistune-2.0.5-150400.11.5.9 * python311-pytest-7.3.1-150400.3.3.9 * python311-Deprecated-1.2.14-150400.10.3.9 * python311-filelock-3.12.2-150400.10.3.9 * python311-PyHamcrest-2.0.3-150400.8.3.9 * python311-pybind11-2.10.4-150400.9.3.9 * python311-wsproto-1.2.0-150400.9.3.9 * python311-python-dotenv-1.0.0-150400.9.3.9 * python311-convertdate-2.4.0-150400.5.3.9 * python311-setuptools-rust-1.6.0-150400.9.3.9 * 
python311-jaraco.functools-3.6.0-150400.9.3.6 * python311-zipp-3.15.0-150400.10.3.9 * python311-rfc3339-validator-0.1.4-150400.9.3.9 * python311-outcome-1.2.0-150400.9.3.9 * python311-contextvars-2.4-150400.10.3.9 * python311-pytest-subtests-0.11.0-150400.9.3.9 * python311-webcolors-1.13-150400.10.3.9 * python311-email-validator-2.0.0-150400.9.3.6 * python311-mypy_extensions-1.0.0-150400.9.3.9 * python311-pytest-rerunfailures-12.0-150400.10.3.9 * python311-editables-0.3-150400.9.3.9 * python311-installer-0.7.0-150400.9.3.9 * python311-ptyprocess-0.7.0-150400.11.3.9 * python311-cssselect-1.2.0-150400.12.3.9 * python311-Twisted-serial-22.10.0-150400.5.10.9 * python311-xcffib-1.3.0-150400.7.3.9 * python311-jsonschema-format-nongpl-4.17.3-150400.14.3.9 * python311-snowballstemmer-2.2.0-150400.12.3.9 * python311-apipkg-3.0.1-150400.12.3.9 * python311-pytest-cov-4.1.0-150400.12.3.9 * python311-pytz-deprecation-shim-0.1.0.post0-150400.9.3.9 * python311-arrow-1.2.3-150400.5.3.9 * python311-httpbin-0.7.0+git20181107.f8ec666-150400.11.3.6 * python311-setuptools_scm-7.1.0-150400.5.3.9 * python311-pyparsing-3.0.9-150400.5.3.18 * python311-isoduration-20.11.0-150400.9.3.6 * python311-testpath-0.6.0-150400.5.3.9 * python311-pydantic-1.10.8-150400.9.3.6 * python311-chardet-5.1.0-150400.13.3.9 * python311-sphinxcontrib-qthelp-1.0.3-150400.3.3.9 * python311-sphinx_rtd_theme-1.2.0-150400.12.3.9 * python311-pytest-expect-1.1.0-150400.12.3.9 * python311-semantic_version-2.10.0-150400.9.3.9 * python311-flit-3.8.0-150400.9.3.6 * python311-sphinxcontrib-serializinghtml-1.1.5-150400.3.3.9 * python311-pytz-2023.3-150400.6.3.9 * python311-trio-0.22.0-150400.9.5.8 * python311-h2-4.1.0-150400.8.3.9 * python311-packaging-23.1-150400.8.3.9 * python311-webencodings-0.5.1-150400.12.3.9 * python311-execnet-1.9.0-150400.12.3.9 * python311-Werkzeug-2.3.6-150400.6.3.9 * python311-docutils-0.19-150400.11.3.9 * python311-pytest-mock-3.11.1-150400.13.3.9 * python311-isodate-0.6.1-150400.12.3.9 * 
python311-Automat-22.10.0-150400.3.3.9 * python311-pytest-env-0.8.2-150400.9.3.9 * python311-Babel-2.12.1-150400.8.3.9 * python311-freezegun-1.2.2-150400.7.3.9 * python311-zope.testing-5.0.1-150400.7.3.9 * python311-Twisted-conch_nacl-22.10.0-150400.5.10.9 * python311-httpcore-0.17.0-150400.9.3.9 * python311-asn1crypto-1.5.1-150400.12.3.9 * python311-httpx-0.24.0-150400.9.5.6 * python311-gunicorn-20.1.0-150400.12.3.9 * python311-pytest-httpbin-1.0.2-150400.12.3.6 * python311-jsonschema-4.17.3-150400.14.3.9 * python311-hyperlink-21.0.0-150400.12.3.9 * python311-xmlschema-2.3.0-150400.10.3.8 * python311-sniffio-1.3.0-150400.9.3.9

## References:

* https://jira.suse.com/browse/PED-68

From sle-updates at lists.suse.com Thu Oct 26 08:40:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:27 -0000
Subject: SUSE-RU-2023:4193-1: moderate: Recommended update for lifecycle-data-sle-module-development-tools
Message-ID: <169830962774.4322.9990378562205553676@smelt2.prg2.suse.org>

# Recommended update for lifecycle-data-sle-module-development-tools

Announcement ID: SUSE-RU-2023:4193-1
Rating: moderate
References:
Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that can now be installed.
## Description:

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

* added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
* added EOL dates for previous rust compiler versions (1.43 up to 1.70)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4193=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4193=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4193=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4193=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * lifecycle-data-sle-module-development-tools-1-150200.3.21.1
* openSUSE Leap 15.5 (noarch)
  * lifecycle-data-sle-module-development-tools-1-150200.3.21.1
* Development Tools Module 15-SP4 (noarch)
  * lifecycle-data-sle-module-development-tools-1-150200.3.21.1
* Development Tools Module 15-SP5 (noarch)
  * lifecycle-data-sle-module-development-tools-1-150200.3.21.1

From sle-updates at lists.suse.com Thu Oct 26 08:40:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 08:40:29 -0000
Subject: SUSE-RU-2023:4192-1: moderate: Recommended update for libssh2_org
Message-ID: <169830962960.4322.2569248003062750564@smelt2.prg2.suse.org>

# Recommended update for libssh2_org

Announcement ID: SUSE-RU-2023:4192-1
Rating: moderate
References:

* jsc#PED-7040

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for libssh2_org fixes the following issues:

* Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]

Update to 1.11.0:

* Enhancements and bugfixes
  * Adds support for encrypt-then-mac (ETM) MACs
  * Adds support for AES-GCM crypto protocols
  * Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
  * Adds support for RSA certificate authentication
  * Adds FIDO support with *_sk() functions
  * Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
  * Adds Agent Forwarding and libssh2_agent_sign()
  * Adds support for Channel Signal message libssh2_channel_signal_ex()
  * Adds support to get the user auth banner message libssh2_userauth_banner()
  * Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
  * Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
  * Adds wolfSSL support to CMake file
  * Adds mbedTLS 3.x support
  * Adds LibreSSL 3.5 support
  * Adds support for CMake "unity" builds
  * Adds CMake support for building shared and static libs in a single pass
  * Adds symbol hiding support to CMake
  * Adds support for libssh2.rc for all build tools
  * Adds .zip, .tar.xz and .tar.bz2 release tarballs
  * Enables ed25519 key support for LibreSSL 3.7.0 or higher
  * Improves OpenSSL 1.1 and 3 compatibility
  * Now requires OpenSSL 1.0.2 or newer
  * Now requires CMake 3.1 or newer
  * SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
  * SFTP: No longer has a packet limit when reading a directory
  * SFTP: now parses attribute extensions if they exist
  * SFTP: no longer will busy loop if SFTP fails to initialize
  * SFTP: now clear various errors as expected
  * SFTP: no longer skips files if the line buffer is too small
  * SCP: add option to not quote paths
  * SCP: Enables 64-bit offset support unconditionally
  * Now skips leading \r and \n characters in banner_receive()
  * Enables secure memory zeroing with all build tools on all platforms
  * No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
  * Speed up base64 encoding by 7x
  * Assert if there is an attempt to write a value that is too large
  * WinCNG: fix memory leak in _libssh2_dh_secret()
  * Added protection against possible null pointer dereferences
  * Agent now handles overly large comment lengths
  * Now ensure KEX replies don't include extra bytes
  * Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
  * Fixed possible buffer overflow in keyboard interactive code path
  * Fixed overlapping memcpy()
  * Fixed Windows UWP builds
  * Fixed DLL import name
  * Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
  * Support for building with gcc versions older than 8
  * Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
  * Restores ANSI C89 compliance
  * Enabled new compiler warnings and fixed/silenced them
  * Improved error messages
  * Now uses CIFuzz
  * Numerous minor code improvements
  * Improvements to CI builds
  * Improvements to unit tests
  * Improvements to doc files
  * Improvements to example files
  * Removed "old gex" build option
  * Removed no-encryption/no-mac builds
  * Removed support for NetWare and Watcom wmake build files
* Bump to version 1.10.0
* Enhancements and bugfixes:
  * support ECDSA certificate authentication
  * fix detailed _libssh2_error being overwritten by generic errors
  * unified error handling
  * fix _libssh2_random() silently discarding errors
  * don't error if using keys without RSA
  * avoid OpenSSL latent error in FIPS mode
  * fix EVP_Cipher interface change in openssl 3
  * fix potential overwrite of buffer when reading stdout of command
  * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
  * correct a typo which may lead to stack overflow
  * fix random big number generation to match openssl
  * added key exchange group16-sha512 and group18-sha512.
  * add support for an OSS Fuzzer fuzzing target
  * adds support for ECDSA for both key exchange and host key algorithms
  * clean up curve25519 code
  * update the min, preferred and max DH group values based on RFC 8270.
  * changed type of LIBSSH2_FX_* constants to unsigned long
  * added diffie-hellman-group14-sha256 kex
  * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
  * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
  * fixes crash with delayed compression option using Bitvise server.
  * adds support for PKIX key reading
  * use new API to parse data in packet_x11_open() for better bounds checking.
  * double the static buffer size when reading and writing known hosts
  * improved bounds checking in packet_queue_listener
  * improve message parsing (CVE-2019-17498)
  * improve bounds checking in kex_agree_methods()
  * adding SSH agent forwarding.
  * fix agent forwarding message, updated example.
  * added integration test code and cmake target. Added example to cmake list.
  * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
  * add an EWOULDBLOCK check for better portability
  * fix off by one error when loading public keys with no id
  * fix use-after-free crash on reinitialization of openssl backend
  * preserve error info from agent_list_identities()
  * make sure the error code is set in _libssh2_channel_open()
  * fixed misspellings
  * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
  * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4192=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4192=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4192=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4192=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4192=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4192=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4192=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4192=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4192=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4192=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4192=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4192=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4192=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4192=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4192=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4192=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4192=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4192=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4192=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4192=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4192=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4192=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4192=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4192=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4192=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* openSUSE Leap 15.4 (x86_64)
  * libssh2-1-32bit-1.11.0-150000.4.19.1
  * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* openSUSE Leap 15.5 (x86_64)
  * libssh2-1-32bit-1.11.0-150000.4.19.1
  * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libssh2-1-32bit-1.11.0-150000.4.19.1
  * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libssh2-1-32bit-1.11.0-150000.4.19.1
  * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libssh2_org-debugsource-1.11.0-150000.4.19.1
  * libssh2-1-1.11.0-150000.4.19.1
  * libssh2-devel-1.11.0-150000.4.19.1
  * libssh2-1-debuginfo-1.11.0-150000.4.19.1
* SUSE Linux Enterprise Server 15
SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libssh2-1-32bit-1.11.0-150000.4.19.1 * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libssh2-1-32bit-1.11.0-150000.4.19.1 * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libssh2-1-32bit-1.11.0-150000.4.19.1 * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libssh2-1-32bit-1.11.0-150000.4.19.1 * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * 
libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Manager Proxy 4.2 (x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE CaaS Platform 4.0 (x86_64) * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-devel-1.11.0-150000.4.19.1 * libssh2-1-32bit-1.11.0-150000.4.19.1 * libssh2-1-32bit-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libssh2_org-debugsource-1.11.0-150000.4.19.1 * libssh2-1-1.11.0-150000.4.19.1 * libssh2-1-debuginfo-1.11.0-150000.4.19.1 ## References: * https://jira.suse.com/browse/PED-7040 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Oct 26 12:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 12:30:02 -0000
Subject: SUSE-SU-2023:4208-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5)
Message-ID: <169832340231.20045.18206831791443691658@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5)

Announcement ID: SUSE-SU-2023:4208-1
Rating: important

References:

* bsc#1215440

Cross-References:

* CVE-2023-4623

CVSS scores:

* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_162 fixes one issue.

The following security issue was fixed:

* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4208=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_162-default-5-2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Thu Oct 26 12:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 12:30:05 -0000
Subject: SUSE-SU-2023:4217-1: moderate: Security update for zlib
Message-ID: <169832340577.20045.17841848144909080981@smelt2.prg2.suse.org>

# Security update for zlib

Announcement ID: SUSE-SU-2023:4217-1
Rating: moderate

References:

* bsc#1216378

Cross-References:

* CVE-2023-45853

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4217=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4217=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4217=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4217=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4217=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4217=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4217=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4217=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4217=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4217=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4217=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4217=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4217=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4217=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4217=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libz1-1.2.11-150000.3.48.1
  * zlib-devel-1.2.11-150000.3.48.1
  * zlib-debugsource-1.2.11-150000.3.48.1
  * libz1-debuginfo-1.2.11-150000.3.48.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * libz1-1.2.11-150000.3.48.1
  * zlib-devel-1.2.11-150000.3.48.1
  * zlib-debugsource-1.2.11-150000.3.48.1
  * libz1-debuginfo-1.2.11-150000.3.48.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libminizip1-1.2.11-150000.3.48.1 * minizip-devel-1.2.11-150000.3.48.1 *
zlib-devel-static-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libminizip1-debuginfo-1.2.11-150000.3.48.1 * openSUSE Leap 15.4 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.48.1 * zlib-devel-32bit-1.2.11-150000.3.48.1 * libminizip1-32bit-1.2.11-150000.3.48.1 * zlib-devel-static-32bit-1.2.11-150000.3.48.1 * libz1-32bit-1.2.11-150000.3.48.1 * libminizip1-32bit-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libminizip1-1.2.11-150000.3.48.1 * minizip-devel-1.2.11-150000.3.48.1 * zlib-devel-static-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libminizip1-debuginfo-1.2.11-150000.3.48.1 * Basesystem Module 15-SP4 (x86_64) * libz1-32bit-1.2.11-150000.3.48.1 * libz1-32bit-debuginfo-1.2.11-150000.3.48.1 * Development Tools Module 15-SP4 (x86_64) * zlib-debugsource-1.2.11-150000.3.48.1 * zlib-devel-32bit-1.2.11-150000.3.48.1 * SUSE Manager Proxy 4.2 (x86_64) * 
libz1-32bit-debuginfo-1.2.11-150000.3.48.1 * libminizip1-1.2.11-150000.3.48.1 * minizip-devel-1.2.11-150000.3.48.1 * zlib-devel-static-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-32bit-1.2.11-150000.3.48.1 * libminizip1-debuginfo-1.2.11-150000.3.48.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libz1-32bit-debuginfo-1.2.11-150000.3.48.1 * libminizip1-1.2.11-150000.3.48.1 * minizip-devel-1.2.11-150000.3.48.1 * zlib-devel-static-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-32bit-1.2.11-150000.3.48.1 * libminizip1-debuginfo-1.2.11-150000.3.48.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libminizip1-1.2.11-150000.3.48.1 * minizip-devel-1.2.11-150000.3.48.1 * zlib-devel-static-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libminizip1-debuginfo-1.2.11-150000.3.48.1 * SUSE Manager Server 4.2 (x86_64) * libz1-32bit-1.2.11-150000.3.48.1 * libz1-32bit-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-devel-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libz1-1.2.11-150000.3.48.1 * zlib-debugsource-1.2.11-150000.3.48.1 * libz1-debuginfo-1.2.11-150000.3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://bugzilla.suse.com/show_bug.cgi?id=1216378 -------------- next part -------------- An HTML attachment was 
scrubbed...

From sle-updates at lists.suse.com Thu Oct 26 12:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 12:30:08 -0000
Subject: SUSE-SU-2023:4216-1: moderate: Security update for zlib
Message-ID: <169832340881.20045.1711058280437693524@smelt2.prg2.suse.org>

# Security update for zlib

Announcement ID: SUSE-SU-2023:4216-1
Rating: moderate

References:

* bsc#1216378

Cross-References:

* CVE-2023-45853

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4216=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4216=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4216=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4216=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.11-11.37.1 * zlib-debugsource-1.2.11-11.37.1 * zlib-devel-1.2.11-11.37.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * zlib-devel-32bit-1.2.11-11.37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * zlib-devel-1.2.11-11.37.1 * libz1-1.2.11-11.37.1 * libz1-debuginfo-1.2.11-11.37.1 * zlib-debugsource-1.2.11-11.37.1 * zlib-devel-static-1.2.11-11.37.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libz1-debuginfo-32bit-1.2.11-11.37.1 * libz1-32bit-1.2.11-11.37.1 * zlib-devel-32bit-1.2.11-11.37.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-devel-1.2.11-11.37.1 * libz1-1.2.11-11.37.1 * libz1-debuginfo-1.2.11-11.37.1 * zlib-debugsource-1.2.11-11.37.1 * zlib-devel-static-1.2.11-11.37.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * zlib-devel-32bit-1.2.11-11.37.1 * libz1-32bit-1.2.11-11.37.1 * libz1-debuginfo-32bit-1.2.11-11.37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * zlib-devel-1.2.11-11.37.1 * libz1-1.2.11-11.37.1 * libz1-debuginfo-1.2.11-11.37.1 * zlib-debugsource-1.2.11-11.37.1 * zlib-devel-static-1.2.11-11.37.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libz1-debuginfo-32bit-1.2.11-11.37.1 * libz1-32bit-1.2.11-11.37.1 * zlib-devel-32bit-1.2.11-11.37.1 ## References: * 
https://www.suse.com/security/cve/CVE-2023-45853.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378

From sle-updates at lists.suse.com Thu Oct 26 12:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 12:30:11 -0000
Subject: SUSE-SU-2023:4215-1: moderate: Security update for zlib
Message-ID: <169832341106.20045.1842446690708720237@smelt2.prg2.suse.org>

# Security update for zlib

Announcement ID: SUSE-SU-2023:4215-1
Rating: moderate

References:

* bsc#1216378

Cross-References:

* CVE-2023-45853

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4215=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4215=1 openSUSE-SLE-15.5-2023-4215=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4215=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4215=1 ## Package List: * Development Tools Module 15-SP5 (x86_64) * zlib-devel-32bit-1.2.13-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libminizip1-1.2.13-150500.4.3.1 * libz1-debuginfo-1.2.13-150500.4.3.1 * zlib-devel-static-1.2.13-150500.4.3.1 * libz1-1.2.13-150500.4.3.1 * zlib-devel-1.2.13-150500.4.3.1 * zlib-testsuite-debuginfo-1.2.13-150500.4.3.1 * minizip-devel-1.2.13-150500.4.3.1 * zlib-testsuite-1.2.13-150500.4.3.1 * libminizip1-debuginfo-1.2.13-150500.4.3.1 * zlib-debugsource-1.2.13-150500.4.3.1 * openSUSE Leap 15.5 (x86_64) * libminizip1-32bit-debuginfo-1.2.13-150500.4.3.1 * libz1-32bit-debuginfo-1.2.13-150500.4.3.1 * zlib-devel-32bit-1.2.13-150500.4.3.1 * zlib-devel-static-32bit-1.2.13-150500.4.3.1 * libminizip1-32bit-1.2.13-150500.4.3.1 * libz1-32bit-1.2.13-150500.4.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libz1-64bit-debuginfo-1.2.13-150500.4.3.1 * zlib-devel-64bit-1.2.13-150500.4.3.1 * libminizip1-64bit-1.2.13-150500.4.3.1 * libminizip1-64bit-debuginfo-1.2.13-150500.4.3.1 * zlib-devel-static-64bit-1.2.13-150500.4.3.1 * libz1-64bit-1.2.13-150500.4.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * zlib-devel-1.2.13-150500.4.3.1 * libz1-debuginfo-1.2.13-150500.4.3.1 * libz1-1.2.13-150500.4.3.1 * zlib-debugsource-1.2.13-150500.4.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libminizip1-1.2.13-150500.4.3.1 * libz1-debuginfo-1.2.13-150500.4.3.1 * zlib-devel-static-1.2.13-150500.4.3.1 * libz1-1.2.13-150500.4.3.1 * zlib-devel-1.2.13-150500.4.3.1 * minizip-devel-1.2.13-150500.4.3.1 
* libminizip1-debuginfo-1.2.13-150500.4.3.1 * zlib-debugsource-1.2.13-150500.4.3.1 * Basesystem Module 15-SP5 (x86_64) * libz1-32bit-1.2.13-150500.4.3.1 * libz1-32bit-debuginfo-1.2.13-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://bugzilla.suse.com/show_bug.cgi?id=1216378 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 26 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4214-1: important: Security update for MozillaFirefox Message-ID: <169832341437.20045.5478205297771355569@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4214-1 Rating: important References: * bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5722 * CVE-2023-5723 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5729 * CVE-2023-5730 * CVE-2023-5731 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * 
SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Updated to version 115.4.0 ESR (bsc#1216338):
  * CVE-2023-5721: Fixed a potential clickjack via queued up rendering.
  * CVE-2023-5722: Fixed a cross-origin size and header leakage.
  * CVE-2023-5723: Fixed unexpected errors when handling invalid cookie characters.
  * CVE-2023-5724: Fixed a crash due to a large WebGL draw.
  * CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs.
  * CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by the file open dialog on macOS.
  * CVE-2023-5727: Fixed a download protection bypass on Windows.
  * CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine.
  * CVE-2023-5729: Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts.
  * CVE-2023-5730: Fixed multiple memory safety issues.
  * CVE-2023-5731: Fixed multiple memory safety issues.

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4214=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4214=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4214=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4214=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4214=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4214=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4214=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4214=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4214=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4214=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-branding-upstream-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * openSUSE 
Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-branding-upstream-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * 
MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * 
MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-150200.152.114.1 * MozillaFirefox-115.4.0-150200.152.114.1 * MozillaFirefox-translations-common-115.4.0-150200.152.114.1 * MozillaFirefox-translations-other-115.4.0-150200.152.114.1 * MozillaFirefox-debugsource-115.4.0-150200.152.114.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.4.0-150200.152.114.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5722.html * https://www.suse.com/security/cve/CVE-2023-5723.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5729.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5731.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338
From sle-updates at lists.suse.com Thu Oct 26 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4213-1: important: Security update for MozillaFirefox Message-ID: <169832341734.20045.13383285560215636587@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4213-1 Rating: important References: * bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5722 * CVE-2023-5723 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5729 * CVE-2023-5730 * CVE-2023-5731 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Updated to version 115.4.0 ESR (bsc#1216338). * CVE-2023-5721: Fixed a potential clickjack via queued up rendering. * CVE-2023-5722: Fixed a cross-Origin size and header leakage. * CVE-2023-5723: Fixed unexpected errors when handling invalid cookie characters. * CVE-2023-5724: Fixed a crash due to a large WebGL draw.
* CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. * CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by the file open dialog on macOS. * CVE-2023-5727: Fixed a download protection bypass on Windows. * CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. * CVE-2023-5729: Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts. * CVE-2023-5730: Fixed multiple memory safety issues. * CVE-2023-5731: Fixed multiple memory safety issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4213=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4213=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4213=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-translations-common-115.4.0-150000.150.113.1 * MozillaFirefox-translations-other-115.4.0-150000.150.113.1 * MozillaFirefox-debuginfo-115.4.0-150000.150.113.1 * MozillaFirefox-115.4.0-150000.150.113.1 * MozillaFirefox-debugsource-115.4.0-150000.150.113.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.4.0-150000.150.113.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-115.4.0-150000.150.113.1 * MozillaFirefox-translations-other-115.4.0-150000.150.113.1 * MozillaFirefox-debuginfo-115.4.0-150000.150.113.1 * MozillaFirefox-115.4.0-150000.150.113.1 * MozillaFirefox-debugsource-115.4.0-150000.150.113.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.4.0-150000.150.113.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-translations-common-115.4.0-150000.150.113.1 * MozillaFirefox-translations-other-115.4.0-150000.150.113.1 * MozillaFirefox-debuginfo-115.4.0-150000.150.113.1 * MozillaFirefox-115.4.0-150000.150.113.1 * MozillaFirefox-debugsource-115.4.0-150000.150.113.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.4.0-150000.150.113.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-translations-common-115.4.0-150000.150.113.1 * MozillaFirefox-translations-other-115.4.0-150000.150.113.1 * MozillaFirefox-debuginfo-115.4.0-150000.150.113.1 * MozillaFirefox-115.4.0-150000.150.113.1 * MozillaFirefox-debugsource-115.4.0-150000.150.113.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.4.0-150000.150.113.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5722.html * https://www.suse.com/security/cve/CVE-2023-5723.html * 
https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5729.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5731.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 From sle-updates at lists.suse.com Thu Oct 26 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:19 -0000 Subject: SUSE-SU-2023:4212-1: important: Security update for MozillaFirefox Message-ID: <169832341976.20045.17576999507462340609@smelt2.prg2.suse.org> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4212-1 Rating: important References: * bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5722 * CVE-2023-5723 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5729 * CVE-2023-5730 * CVE-2023-5731 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 11
vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Updated to version 115.4.0 ESR (bsc#1216338). * CVE-2023-5721: Fixed a potential clickjack via queued up rendering. * CVE-2023-5722: Fixed a cross-Origin size and header leakage. * CVE-2023-5723: Fixed unexpected errors when handling invalid cookie characters. * CVE-2023-5724: Fixed a crash due to a large WebGL draw. * CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. * CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by the file open dialog on macOS. * CVE-2023-5727: Fixed a download protection bypass on Windows. * CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. * CVE-2023-5729: Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts. * CVE-2023-5730: Fixed multiple memory safety issues. * CVE-2023-5731: Fixed multiple memory safety issues. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4212=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4212=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4212=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4212=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-112.188.1 * MozillaFirefox-debugsource-115.4.0-112.188.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.4.0-112.188.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.4.0-112.188.1 * MozillaFirefox-debugsource-115.4.0-112.188.1 * MozillaFirefox-115.4.0-112.188.1 * MozillaFirefox-translations-common-115.4.0-112.188.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.4.0-112.188.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.4.0-112.188.1 * MozillaFirefox-debugsource-115.4.0-112.188.1 * MozillaFirefox-115.4.0-112.188.1 * MozillaFirefox-translations-common-115.4.0-112.188.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.4.0-112.188.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.4.0-112.188.1 * MozillaFirefox-debugsource-115.4.0-112.188.1 * MozillaFirefox-115.4.0-112.188.1 * MozillaFirefox-translations-common-115.4.0-112.188.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.4.0-112.188.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5722.html * 
https://www.suse.com/security/cve/CVE-2023-5723.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5729.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5731.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 From sle-updates at lists.suse.com Thu Oct 26 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:23 -0000 Subject: SUSE-SU-2023:4211-1: important: Security update for webkit2gtk3 Message-ID: <169832342354.20045.16587394361545217308@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4211-1 Rating: important References: * bsc#1213379 * bsc#1213581 * bsc#1213905 * bsc#1215072 * bsc#1215661 * bsc#1215866 * bsc#1215867 * bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1216483 Cross-References: * CVE-2023-32393 * CVE-2023-35074 * CVE-2023-37450 * CVE-2023-39434 * CVE-2023-39928 * CVE-2023-40451 * CVE-2023-41074 * CVE-2023-41993 CVSS scores: * CVE-2023-32393 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32393 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( SUSE ): 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41993 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2023-41993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves eight vulnerabilities and has three security fixes can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: * CVE-2023-41993: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215661). * CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). * CVE-2023-41074: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215870). Non-security fixes: * Fixed missing package dependencies (bsc#1215072). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4211=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4211=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4211=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 * webkit2gtk3-debugsource-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 * webkit2gtk3-devel-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150000.3.153.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.42.1-150000.3.153.1 * SUSE CaaS Platform 4.0 (x86_64) * typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 * webkit2gtk3-debugsource-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 * webkit2gtk3-devel-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150000.3.153.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.42.1-150000.3.153.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * 
typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 * webkit2gtk3-debugsource-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 * webkit2gtk3-devel-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150000.3.153.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.1-150000.3.153.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150000.3.153.1 * libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 * webkit2gtk3-debugsource-2.42.1-150000.3.153.1 * typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 * webkit2gtk3-devel-2.42.1-150000.3.153.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150000.3.153.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.42.1-150000.3.153.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32393.html * https://www.suse.com/security/cve/CVE-2023-35074.html * https://www.suse.com/security/cve/CVE-2023-37450.html * https://www.suse.com/security/cve/CVE-2023-39434.html * https://www.suse.com/security/cve/CVE-2023-39928.html * https://www.suse.com/security/cve/CVE-2023-40451.html * https://www.suse.com/security/cve/CVE-2023-41074.html * https://www.suse.com/security/cve/CVE-2023-41993.html * https://bugzilla.suse.com/show_bug.cgi?id=1213379 * 
https://bugzilla.suse.com/show_bug.cgi?id=1213581 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 * https://bugzilla.suse.com/show_bug.cgi?id=1215072 * https://bugzilla.suse.com/show_bug.cgi?id=1215661 * https://bugzilla.suse.com/show_bug.cgi?id=1215866 * https://bugzilla.suse.com/show_bug.cgi?id=1215867 * https://bugzilla.suse.com/show_bug.cgi?id=1215868 * https://bugzilla.suse.com/show_bug.cgi?id=1215869 * https://bugzilla.suse.com/show_bug.cgi?id=1215870 * https://bugzilla.suse.com/show_bug.cgi?id=1216483 From sle-updates at lists.suse.com Thu Oct 26 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:26 -0000 Subject: SUSE-SU-2023:4210-1: important: Security update for jetty-minimal Message-ID: <169832342688.20045.2249028452759722377@smelt2.prg2.suse.org> # Security update for jetty-minimal Announcement ID: SUSE-SU-2023:4210-1 Rating: important References: * bsc#1215415 * bsc#1215416 * bsc#1215417 * bsc#1216162 * bsc#1216169 Cross-References: * CVE-2023-36478 * CVE-2023-36479 * CVE-2023-40167 * CVE-2023-41900 * CVE-2023-44487 CVSS scores: * CVE-2023-36478 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36478 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36479 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2023-36479 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2023-40167 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-40167 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-41900 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N * CVE-2023-41900 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools
Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for jetty-minimal fixes the following issues: * Updated to version 9.4.53.v20231009: * CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods (bsc#1216169). * CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder (bsc#1216162). * CVE-2023-40167: Fixed a permissive HTTP header parsing issue that could potentially lead to HTTP smuggling attacks (bsc#1215417). * CVE-2023-36479: Fixed an incorrect command execution when sending requests with certain characters in requested filenames (bsc#1215415). 
* CVE-2023-41900: Fixed an issue where an invalidated session would be allowed to perform a single request (bsc#1215416). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4210=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4210=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4210=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4210=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4210=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4210=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4210=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4210=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4210=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4210=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4210=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4210=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise Server 15 SP2 
LTSS 15-SP2 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Enterprise Storage 7.1 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * openSUSE Leap 15.4 (noarch) * jetty-cdi-9.4.53-150200.3.22.1 * jetty-servlets-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-rewrite-9.4.53-150200.3.22.1 * jetty-ant-9.4.53-150200.3.22.1 * jetty-openid-9.4.53-150200.3.22.1 * jetty-start-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-fcgi-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * jetty-webapp-9.4.53-150200.3.22.1 * jetty-proxy-9.4.53-150200.3.22.1 * jetty-continuation-9.4.53-150200.3.22.1 
* jetty-server-9.4.53-150200.3.22.1 * jetty-quickstart-9.4.53-150200.3.22.1 * jetty-annotations-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-jndi-9.4.53-150200.3.22.1 * jetty-minimal-javadoc-9.4.53-150200.3.22.1 * jetty-plus-9.4.53-150200.3.22.1 * jetty-http-spi-9.4.53-150200.3.22.1 * jetty-xml-9.4.53-150200.3.22.1 * jetty-jmx-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-jsp-9.4.53-150200.3.22.1 * jetty-deploy-9.4.53-150200.3.22.1 * jetty-client-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-jaas-9.4.53-150200.3.22.1 * openSUSE Leap 15.5 (noarch) * jetty-cdi-9.4.53-150200.3.22.1 * jetty-servlets-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-rewrite-9.4.53-150200.3.22.1 * jetty-ant-9.4.53-150200.3.22.1 * jetty-openid-9.4.53-150200.3.22.1 * jetty-start-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-fcgi-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * jetty-webapp-9.4.53-150200.3.22.1 * jetty-proxy-9.4.53-150200.3.22.1 * jetty-continuation-9.4.53-150200.3.22.1 * jetty-server-9.4.53-150200.3.22.1 * jetty-quickstart-9.4.53-150200.3.22.1 * jetty-annotations-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-jndi-9.4.53-150200.3.22.1 * jetty-minimal-javadoc-9.4.53-150200.3.22.1 * jetty-plus-9.4.53-150200.3.22.1 * jetty-http-spi-9.4.53-150200.3.22.1 * jetty-xml-9.4.53-150200.3.22.1 * jetty-jmx-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-jsp-9.4.53-150200.3.22.1 * jetty-deploy-9.4.53-150200.3.22.1 * jetty-client-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-jaas-9.4.53-150200.3.22.1 * Development Tools Module 15-SP4 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * Development Tools Module 15-SP5 (noarch) * 
jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jetty-server-9.4.53-150200.3.22.1 * jetty-util-9.4.53-150200.3.22.1 * jetty-http-9.4.53-150200.3.22.1 * jetty-servlet-9.4.53-150200.3.22.1 * jetty-security-9.4.53-150200.3.22.1 * jetty-io-9.4.53-150200.3.22.1 * jetty-util-ajax-9.4.53-150200.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36478.html * https://www.suse.com/security/cve/CVE-2023-36479.html * https://www.suse.com/security/cve/CVE-2023-40167.html * https://www.suse.com/security/cve/CVE-2023-41900.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1215415 * https://bugzilla.suse.com/show_bug.cgi?id=1215416 * https://bugzilla.suse.com/show_bug.cgi?id=1215417 * https://bugzilla.suse.com/show_bug.cgi?id=1216162 * https://bugzilla.suse.com/show_bug.cgi?id=1216169
From sle-updates at lists.suse.com Thu Oct 26 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 12:30:30 -0000 Subject: SUSE-SU-2023:4209-1: important: Security update for webkit2gtk3 Message-ID: <169832343094.20045.1120872454088202866@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4209-1 Rating: important References: * bsc#1213379 * bsc#1213581 * bsc#1213905 * bsc#1215072 * bsc#1215661 * bsc#1215866 * bsc#1215867 * bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1216483 Cross-References: * CVE-2023-32393 * CVE-2023-35074 * CVE-2023-37450 * CVE-2023-39434 * CVE-2023-39928 * CVE-2023-40451 * CVE-2023-41074 * CVE-2023-41993 CVSS scores: * CVE-2023-32393 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32393 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37450 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41993 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2023-41993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High
Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves eight vulnerabilities and has three security fixes can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

* CVE-2023-41993: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215661).
* CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868).
* CVE-2023-41074: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215870).

Non-security fixes:

* Fixed missing package dependencies (bsc#1215072).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4209=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4209=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4209=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4209=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4209=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * typelib-1_0-JavaScriptCore-4_0-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-2.155.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-2.42.1-2.155.1 * typelib-1_0-WebKit2-4_0-2.42.1-2.155.1 * webkit2gtk3-debugsource-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-2.155.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.1-2.155.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-2.155.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-2.42.1-2.155.1 * typelib-1_0-WebKit2-4_0-2.42.1-2.155.1 * webkit2gtk3-debugsource-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-2.155.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.1-2.155.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * 
typelib-1_0-JavaScriptCore-4_0-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-2.155.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-2.42.1-2.155.1 * libjavascriptcoregtk-4_0-18-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-2.155.1 * libwebkit2gtk-4_0-37-2.42.1-2.155.1 * typelib-1_0-WebKit2-4_0-2.42.1-2.155.1 * webkit2gtk3-debugsource-2.42.1-2.155.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-2.155.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.42.1-2.155.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.42.1-2.155.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.42.1-2.155.1 * webkit2gtk3-debugsource-2.42.1-2.155.1 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-2.155.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32393.html * https://www.suse.com/security/cve/CVE-2023-35074.html * https://www.suse.com/security/cve/CVE-2023-37450.html * https://www.suse.com/security/cve/CVE-2023-39434.html * https://www.suse.com/security/cve/CVE-2023-39928.html * https://www.suse.com/security/cve/CVE-2023-40451.html * https://www.suse.com/security/cve/CVE-2023-41074.html * https://www.suse.com/security/cve/CVE-2023-41993.html * https://bugzilla.suse.com/show_bug.cgi?id=1213379 * https://bugzilla.suse.com/show_bug.cgi?id=1213581 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 * https://bugzilla.suse.com/show_bug.cgi?id=1215072 * https://bugzilla.suse.com/show_bug.cgi?id=1215661 * https://bugzilla.suse.com/show_bug.cgi?id=1215866 * https://bugzilla.suse.com/show_bug.cgi?id=1215867 * https://bugzilla.suse.com/show_bug.cgi?id=1215868 * https://bugzilla.suse.com/show_bug.cgi?id=1215869 * https://bugzilla.suse.com/show_bug.cgi?id=1215870 * https://bugzilla.suse.com/show_bug.cgi?id=1216483 -------------- next part -------------- An HTML 
attachment was scrubbed... URL:

From sle-updates at lists.suse.com Thu Oct 26 12:30:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 12:30:34 -0000
Subject: SUSE-SU-2023:4207-1: important: Security update for nodejs18
Message-ID: <169832343484.20045.4923764401554613260@smelt2.prg2.suse.org>

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:4207-1
Rating: important

References:
* bsc#1216190
* bsc#1216205
* bsc#1216272
* bsc#1216273

Cross-References:
* CVE-2023-38552
* CVE-2023-39333
* CVE-2023-44487
* CVE-2023-45143

CVSS scores:
* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

* Update to version 18.18.2
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented.
(bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4207=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4207=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4207=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * corepack16-16.20.2-150300.7.30.1 * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * openSUSE Leap 15.3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * 
nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * 
https://bugzilla.suse.com/show_bug.cgi?id=1216273

From sle-updates at lists.suse.com Thu Oct 26 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 26 Oct 2023 16:30:02 -0000
Subject: SUSE-SU-2023:4219-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)
Message-ID: <169833780299.23945.5134204185465160558@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)

Announcement ID: SUSE-SU-2023:4219-1
Rating: important

References:
* bsc#1212934
* bsc#1214812
* bsc#1215118
* bsc#1215440

Cross-References:
* CVE-2023-3390
* CVE-2023-4004
* CVE-2023-4147
* CVE-2023-4623

CVSS scores:
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues.
The following security issues were fixed:

* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118).
* CVE-2023-4004: Fixed improper element removal in netfilter nft_set_pipapo (bsc#1214812).
* CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4219=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4219=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_124-default-debuginfo-5-150300.2.2
  * kernel-livepatch-SLE15-SP3_Update_33-debugsource-5-150300.2.2
  * kernel-livepatch-5_3_18-150300_59_124-default-5-150300.2.2
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_124-preempt-debuginfo-5-150300.2.2
  * kernel-livepatch-5_3_18-150300_59_124-preempt-5-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_124-default-5-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212934
* https://bugzilla.suse.com/show_bug.cgi?id=1214812
* https://bugzilla.suse.com/show_bug.cgi?id=1215118
* https://bugzilla.suse.com/show_bug.cgi?id=1215440

-------------- next part --------------
An HTML attachment
was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 26 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4220-1: moderate: Security update for python Message-ID: <169833781026.23945.12280200716481485153@smelt2.prg2.suse.org> # Security update for python Announcement ID: SUSE-SU-2023:4220-1 Rating: moderate References: * bsc#1210638 * bsc#1214685 * bsc#1214691 Cross-References: * CVE-2022-48565 * CVE-2022-48566 * CVE-2023-27043 CVSS scores: * CVE-2022-48565 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2022-48565 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48566 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N * CVE-2022-48566 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities can now be installed. 
## Description:

This update for python fixes the following issues:

* CVE-2022-48566: Fixed a potential timing side channel due to inadequate checking during HMAC comparison (bsc#1214691).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4220=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4220=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4220=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4220=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4220=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4220=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4220=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * python-xml-2.7.18-150000.57.1
  * python-demo-2.7.18-150000.57.1
  * python-idle-2.7.18-150000.57.1
  * python-tk-2.7.18-150000.57.1
  * python-debuginfo-2.7.18-150000.57.1
  * python-base-2.7.18-150000.57.1
  * python-devel-2.7.18-150000.57.1
  * python-curses-2.7.18-150000.57.1
  * python-gdbm-2.7.18-150000.57.1
  * python-gdbm-debuginfo-2.7.18-150000.57.1
  * python-tk-debuginfo-2.7.18-150000.57.1
  * python-base-debugsource-2.7.18-150000.57.1
  * python-xml-debuginfo-2.7.18-150000.57.1
  * python-debugsource-2.7.18-150000.57.1
  * libpython2_7-1_0-2.7.18-150000.57.1
  * python-curses-debuginfo-2.7.18-150000.57.1
  * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1
  * python-2.7.18-150000.57.1
  * python-base-debuginfo-2.7.18-150000.57.1
* openSUSE Leap 15.4 (x86_64)
  * libpython2_7-1_0-32bit-2.7.18-150000.57.1
  * python-32bit-debuginfo-2.7.18-150000.57.1
  * 
python-base-32bit-debuginfo-2.7.18-150000.57.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.57.1 * python-32bit-2.7.18-150000.57.1 * python-base-32bit-2.7.18-150000.57.1 * openSUSE Leap 15.4 (noarch) * python-doc-pdf-2.7.18-150000.57.1 * python-doc-2.7.18-150000.57.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-xml-2.7.18-150000.57.1 * python-demo-2.7.18-150000.57.1 * python-idle-2.7.18-150000.57.1 * python-tk-2.7.18-150000.57.1 * python-debuginfo-2.7.18-150000.57.1 * python-base-2.7.18-150000.57.1 * python-devel-2.7.18-150000.57.1 * python-curses-2.7.18-150000.57.1 * python-gdbm-2.7.18-150000.57.1 * python-gdbm-debuginfo-2.7.18-150000.57.1 * python-tk-debuginfo-2.7.18-150000.57.1 * python-base-debugsource-2.7.18-150000.57.1 * python-xml-debuginfo-2.7.18-150000.57.1 * python-debugsource-2.7.18-150000.57.1 * libpython2_7-1_0-2.7.18-150000.57.1 * python-curses-debuginfo-2.7.18-150000.57.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1 * python-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 * openSUSE Leap 15.5 (x86_64) * libpython2_7-1_0-32bit-2.7.18-150000.57.1 * python-32bit-debuginfo-2.7.18-150000.57.1 * python-base-32bit-debuginfo-2.7.18-150000.57.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.57.1 * python-32bit-2.7.18-150000.57.1 * python-base-32bit-2.7.18-150000.57.1 * openSUSE Leap 15.5 (noarch) * python-doc-pdf-2.7.18-150000.57.1 * python-doc-2.7.18-150000.57.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python-base-debugsource-2.7.18-150000.57.1 * python-devel-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python-xml-2.7.18-150000.57.1 * python-debuginfo-2.7.18-150000.57.1 * python-base-2.7.18-150000.57.1 * python-devel-2.7.18-150000.57.1 * python-curses-2.7.18-150000.57.1 * python-gdbm-2.7.18-150000.57.1 * python-gdbm-debuginfo-2.7.18-150000.57.1 * python-base-debugsource-2.7.18-150000.57.1 * 
python-xml-debuginfo-2.7.18-150000.57.1 * python-debugsource-2.7.18-150000.57.1 * libpython2_7-1_0-2.7.18-150000.57.1 * python-curses-debuginfo-2.7.18-150000.57.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1 * python-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 * SUSE Manager Proxy 4.2 (x86_64) * python-debuginfo-2.7.18-150000.57.1 * python-base-2.7.18-150000.57.1 * python-base-debugsource-2.7.18-150000.57.1 * python-debugsource-2.7.18-150000.57.1 * libpython2_7-1_0-2.7.18-150000.57.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1 * python-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-debuginfo-2.7.18-150000.57.1 * python-base-2.7.18-150000.57.1 * python-base-debugsource-2.7.18-150000.57.1 * python-debugsource-2.7.18-150000.57.1 * libpython2_7-1_0-2.7.18-150000.57.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1 * python-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-xml-2.7.18-150000.57.1 * python-debuginfo-2.7.18-150000.57.1 * python-base-2.7.18-150000.57.1 * python-devel-2.7.18-150000.57.1 * python-curses-2.7.18-150000.57.1 * python-gdbm-2.7.18-150000.57.1 * python-gdbm-debuginfo-2.7.18-150000.57.1 * python-base-debugsource-2.7.18-150000.57.1 * python-xml-debuginfo-2.7.18-150000.57.1 * python-debugsource-2.7.18-150000.57.1 * libpython2_7-1_0-2.7.18-150000.57.1 * python-curses-debuginfo-2.7.18-150000.57.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.57.1 * python-2.7.18-150000.57.1 * python-base-debuginfo-2.7.18-150000.57.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48565.html * https://www.suse.com/security/cve/CVE-2022-48566.html * https://www.suse.com/security/cve/CVE-2023-27043.html * https://bugzilla.suse.com/show_bug.cgi?id=1210638 * https://bugzilla.suse.com/show_bug.cgi?id=1214685 * https://bugzilla.suse.com/show_bug.cgi?id=1214691 -------------- next part -------------- An 
HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Oct 26 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Oct 2023 16:30:15 -0000 Subject: SUSE-SU-2023:4218-1: important: Security update for vorbis-tools Message-ID: <169833781552.23945.589878772575942049@smelt2.prg2.suse.org> # Security update for vorbis-tools Announcement ID: SUSE-SU-2023:4218-1 Rating: important References: * bsc#1215942 Cross-References: * CVE-2023-43361 CVSS scores: * CVE-2023-43361 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2023-43361 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for vorbis-tools fixes the following issues: * CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. (bsc#1215942) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4218=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4218=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4218=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vorbis-tools-debuginfo-1.4.0-27.3.1 * vorbis-tools-debugsource-1.4.0-27.3.1 * vorbis-tools-1.4.0-27.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vorbis-tools-lang-1.4.0-27.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vorbis-tools-debuginfo-1.4.0-27.3.1 * vorbis-tools-debugsource-1.4.0-27.3.1 * vorbis-tools-1.4.0-27.3.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vorbis-tools-lang-1.4.0-27.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vorbis-tools-debuginfo-1.4.0-27.3.1 * vorbis-tools-debugsource-1.4.0-27.3.1 * vorbis-tools-1.4.0-27.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vorbis-tools-lang-1.4.0-27.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43361.html * https://bugzilla.suse.com/show_bug.cgi?id=1215942 -------------- next part -------------- An HTML attachment was scrubbed... 
URL:

From sle-updates at lists.suse.com Fri Oct 27 07:03:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 09:03:33 +0200 (CEST)
Subject: SUSE-CU-2023:3556-1: Security update of bci/nodejs
Message-ID: <20231027070333.3A590F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3556-1
Container Tags : bci/node:16 , bci/node:16-18.13 , bci/nodejs:16 , bci/nodejs:16-18.13
Container Release : 18.13
Severity : important
Type : security
References : 1030253 1095425 1103893 1107342 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216190 1216205 1216272 1216273 1216378 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 CVE-2023-38552 CVE-2023-39333 CVE-2023-4039 CVE-2023-44487 CVE-2023-44487 CVE-2023-45143 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3563-1
Released: Fri Sep 8 15:28:17 2023
Summary: Security update for icu73_2
Type: security
Severity: moderate
References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913

This update for icu73_2 fixes the following issues:

- Update to release 73.2
  * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation.
  * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
  * Improved Japanese and Korean short-text line breaking
  * Reduction of C++ memory use in date formatting
- Update to release 72.1
  * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants.
  * Support for CLDR 42 locale data with various additions and corrections.
  * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
  * updates to CLDR 41 locale data with various additions and corrections.
  * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases.
  * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish".
  * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
  * Unicode 14 (new characters, scripts, emoji, and API constants)
  * CLDR 40 (many additions and corrections)
  * Fixes for measurement unit formatting
  * Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
  * CLDR 39
  * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes.
  * Binary prefixes in measurement units (KiB, MiB, etc.)
  * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
  * Fix memory problem in FormattedStringBuilder
  * Fix assertion when setKeywordValue w/ long value.
  * Fix UBSan breakage on 8bit of rbbi
  * fix int32_t overflow in listFormat
  * Fix memory handling in MemoryPool::operator=()
  * Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
- Update to release 68.1
  * CLDR 38
  * Measurement unit preferences
  * PluralRules selection for ranges of numbers
  * Locale ID canonicalization now conforms to the CLDR spec including edge cases
  * DateIntervalFormat supports output options such as capitalization
  * Measurement units are normalized in skeleton string output
  * Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007)
- Update to version 67.1
  * Unicode 13 (ICU-20893, same as in ICU 66)
    + Total of 5930 new characters
    + 4 new scripts
    + 55 new emoji characters, plus additional new sequences
    + New CJK extension, first characters in plane 3: U+30000..U+3134A
  * CLDR 37
    + New language at Modern coverage: Nigerian Pidgin
    + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese
    + Region containment: EU no longer includes GB
    + Unicode 13 root collation data and Chinese data for collation and transliteration
  * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
  * Various other improvements for ECMA-402 conformance
  * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
  * Currency formatting options for formal and other currency display name variants (ICU-20854)
  * ListFormatter: new public API to select the style & type (ICU-12863)
  * ListFormatter now selects the proper "and"/"or"
form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4155-1 Released: Mon Oct 23 09:18:09 2023 Summary: Security update for nodejs18 Type: security Severity: important References: 1216190,1216205,1216272,1216273,CVE-2023-38552,CVE-2023-39333,CVE-2023-44487,CVE-2023-45143 This update for nodejs18 fixes the following issues: - Update to 
version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an issue where integrity checks according to policies could be circumvented. (bsc#1216272) - CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). 
- RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - libicu73_2-ledata-73.2-150000.1.3.1 added - libicu73_2-73.2-150000.1.3.1 added - nodejs16-16.20.2-150400.3.27.2 updated - npm16-16.20.2-150400.3.27.2 updated - container:sles15-image-15.0.0-27.14.113 updated - libicu69-69.1-7.3.2 removed - libicu69-ledata-69.1-7.3.2 removed From sle-updates at lists.suse.com Fri Oct 27 07:03:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:03:45 +0200 (CEST) Subject: SUSE-CU-2023:3557-1: Security update of bci/dotnet-aspnet Message-ID: <20231027070345.5A8BAF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3557-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.2 , bci/dotnet-aspnet:6.0.24 , bci/dotnet-aspnet:6.0.24-17.2 Container Release : 17.2 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:3558-1: Security update of bci/dotnet-aspnet Message-ID: <20231027070356.2984CF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3558-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-17.2 , bci/dotnet-aspnet:7.0.13 , bci/dotnet-aspnet:7.0.13-17.2 , bci/dotnet-aspnet:latest Container Release : 17.2 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:08 +0200 (CEST) Subject: SUSE-CU-2023:3559-1: Security update of bci/dotnet-sdk Message-ID: <20231027070408.6D8B4F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3559-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-16.2 , bci/dotnet-sdk:6.0.24 , bci/dotnet-sdk:6.0.24-16.2 Container Release : 16.2 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:22 +0200 (CEST) Subject: SUSE-CU-2023:3560-1: Security update of bci/dotnet-sdk Message-ID: <20231027070422.4C180F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3560-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-18.1 , bci/dotnet-sdk:7.0.13 , bci/dotnet-sdk:7.0.13-18.1 , bci/dotnet-sdk:latest Container Release : 18.1 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.49 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:32 +0200 (CEST) Subject: SUSE-CU-2023:3561-1: Security update of bci/dotnet-runtime Message-ID: <20231027070432.B5D40F417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3561-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.1 , bci/dotnet-runtime:6.0.24 , bci/dotnet-runtime:6.0.24-16.1 Container Release : 16.1 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:46 +0200 (CEST) Subject: SUSE-CU-2023:3562-1: Security update of bci/dotnet-runtime Message-ID: <20231027070446.00ADBF417@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3562-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-18.2 , bci/dotnet-runtime:7.0.13 , bci/dotnet-runtime:7.0.13-18.2 , bci/dotnet-runtime:latest Container Release : 18.2 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:48 +0200 (CEST) Subject: SUSE-CU-2023:3563-1: Security update of suse/git Message-ID: <20231027070448.DBD55F417@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3563-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.12 , suse/git:latest Container Release : 4.12 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libnghttp2-14-1.40.0-150200.12.1 updated - libz1-1.2.13-150500.4.3.1 updated From sle-updates at lists.suse.com Fri Oct 27 07:04:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:04:51 +0200 (CEST) Subject: SUSE-CU-2023:3564-1: Security update of suse/helm Message-ID: <20231027070451.0ED1AF417@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3564-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.10 , suse/helm:latest Container Release : 3.10 Severity : moderate Type : security References : 1216378 CVE-2023-45853 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated From sle-updates at lists.suse.com Fri Oct 27 07:05:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 09:05:02 +0200 (CEST) Subject: SUSE-CU-2023:3565-1: Security update of bci/nodejs Message-ID: <20231027070502.B9190F417@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3565-1 Container Tags : bci/node:18 , bci/node:18-11.25 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-11.25 , bci/nodejs:latest Container Release : 11.25 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Fri Oct 27 08:11:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:11:16 +0200 (CEST) Subject: SUSE-CU-2023:3567-1: Security update of bci/python Message-ID: <20231027081116.5733DF417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3567-1 Container Tags : bci/python:3 , bci/python:3-16.15 , bci/python:3.10 , bci/python:3.10-16.15 Container Release : 16.15 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. 
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. 
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libnghttp2-14-1.40.0-150200.12.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated - container:sles15-image-15.0.0-27.14.113 updated From sle-updates at lists.suse.com Fri Oct 27 08:11:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:11:30 +0200 (CEST) Subject: SUSE-CU-2023:3568-1: Security update of bci/openjdk-devel Message-ID: <20231027081130.2C35AF417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3568-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.55 Container Release : 10.55 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1214790 1216123 1216174 1216374 1216378 CVE-2023-22081 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. 
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4198-1 Released: Wed Oct 25 11:58:43 2023 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1214790,1216374,CVE-2023-22081 This update for java-11-openjdk fixes the following issues: - Upgraded to JDK 11.0.21+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). 

  Please visit the Oracle Release Notes page for the full changelog:

  https://www.oracle.com/java/technologies/javase/11all-relnotes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- java-11-openjdk-headless-11.0.21.0-150000.3.107.1 updated
- java-11-openjdk-11.0.21.0-150000.3.107.1 updated
- java-11-openjdk-devel-11.0.21.0-150000.3.107.1 updated
- container:bci-openjdk-11-15.5.11-11.26 updated

From sle-updates at lists.suse.com Fri Oct 27 08:11:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:11:40 +0200 (CEST)
Subject: SUSE-CU-2023:3569-1: Security update of bci/openjdk
Message-ID: <20231027081140.CFD5DF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3569-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-11.26
Container Release : 11.26
Severity : important
Type : security
References : 1214790 1216123 1216174 1216374 1216378 CVE-2023-22081 CVE-2023-44487
             CVE-2023-45853
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4198-1
Released: Wed Oct 25 11:58:43 2023
Summary: Security update for java-11-openjdk
Type: security
Severity: important
References: 1214790,1216374,CVE-2023-22081
This update for java-11-openjdk fixes the following issues:

- Upgraded to JDK 11.0.21+9 (October 2023 CPU):
  - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374).

  Please visit the Oracle Release Notes page for the full changelog:

  https://www.oracle.com/java/technologies/javase/11all-relnotes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- java-11-openjdk-headless-11.0.21.0-150000.3.107.1 updated
- java-11-openjdk-11.0.21.0-150000.3.107.1 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:11:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:11:51 +0200 (CEST)
Subject: SUSE-CU-2023:3570-1: Security update of bci/openjdk
Message-ID: <20231027081151.D1EADF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3570-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.22 , bci/openjdk:latest
Container Release : 12.22
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:12:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:12:01 +0200 (CEST)
Subject: SUSE-CU-2023:3571-1: Security update of bci/php-apache
Message-ID: <20231027081201.AEA74F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3571-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-8.21
Container Release : 8.21
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:12:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:12:12 +0200 (CEST)
Subject: SUSE-CU-2023:3572-1: Security update of bci/php-fpm
Message-ID: <20231027081212.C505CF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3572-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.23
Container Release : 8.23
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/php-fpm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:12:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:12:22 +0200 (CEST)
Subject: SUSE-CU-2023:3573-1: Security update of bci/php
Message-ID: <20231027081222.1ECA3F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3573-1
Container Tags : bci/php:8 , bci/php:8-8.20
Container Release : 8.20
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:12:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:12:34 +0200 (CEST)
Subject: SUSE-CU-2023:3574-1: Security update of bci/python
Message-ID: <20231027081234.2C6ABF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3574-1
Container Tags : bci/python:3 , bci/python:3-14.17 , bci/python:3.6 , bci/python:3.6-14.17
Container Release : 14.17
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4193-1
Released: Wed Oct 25 10:36:43 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
- added EOL dates for previous rust compiler versions (1.43 up to 1.70)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated
- container:sles15-image-15.0.0-36.5.49 updated

From sle-updates at lists.suse.com Fri Oct 27 08:12:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 27 Oct 2023 10:12:44 +0200 (CEST)
Subject: SUSE-CU-2023:3575-1: Security update of bci/ruby
Message-ID: <20231027081244.A5F80F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3575-1
Container Tags : bci/ruby:2 , bci/ruby:2-12.21 , bci/ruby:2.5 , bci/ruby:2.5-12.21 , bci/ruby:latest
Container Release : 12.21
Severity : important
Type : security
References : 1193035 1205726 1206480 1206684 1209891 1209967 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2021-33621 CVE-2021-41817 CVE-2023-28755 CVE-2023-28756 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4176-1 Released: Tue Oct 24 15:35:11 2023 Summary: Security update for ruby2.5 Type: security Severity: important References: 1193035,1205726,1209891,1209967,CVE-2021-33621,CVE-2021-41817,CVE-2023-28755,CVE-2023-28756 This update for ruby2.5 fixes the following issues: - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891) - CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967) - CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035) - CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libatomic1-13.2.1+git7813-150000.1.3.3 updated - libgomp1-13.2.1+git7813-150000.1.3.3 updated - libitm1-13.2.1+git7813-150000.1.3.3 updated - liblsan0-13.2.1+git7813-150000.1.3.3 updated - libruby2_5-2_5-2.5.9-150000.4.29.1 updated - ruby2.5-stdlib-2.5.9-150000.4.29.1 updated - ruby2.5-2.5.9-150000.4.29.1 updated - ruby2.5-devel-2.5.9-150000.4.29.1 updated - container:sles15-image-15.0.0-36.5.49 updated From sle-updates at lists.suse.com Fri Oct 27 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 08:30:05 -0000 Subject: SUSE-SU-2023:4222-1: moderate: Security update for libnbd Message-ID: <169839540500.908.12596630741344073314@smelt2.prg2.suse.org> # Security update for libnbd Announcement ID: SUSE-SU-2023:4222-1 Rating: moderate References: * bsc#1215799 * jsc#ECO-3633 Cross-References: * CVE-2023-5215 CVSS scores: * CVE-2023-5215 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5215 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability and contains one feature can now be installed. 
## Description: This update for libnbd fixes the following issues: * Updated to version 1.18.1 * Updated to version 1.18.0: * CVE-2023-5215: Fixed an issue where an NBD server returning an unexpected block size might crash an application (bsc#1215799). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4222=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4222=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4222=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libnbd-debuginfo-1.18.1-150300.8.15.1 * libnbd0-1.18.1-150300.8.15.1 * libnbd-debugsource-1.18.1-150300.8.15.1 * libnbd-devel-1.18.1-150300.8.15.1 * python3-libnbd-debuginfo-1.18.1-150300.8.15.1 * python3-libnbd-1.18.1-150300.8.15.1 * nbdfuse-1.18.1-150300.8.15.1 * nbdfuse-debuginfo-1.18.1-150300.8.15.1 * libnbd-1.18.1-150300.8.15.1 * libnbd0-debuginfo-1.18.1-150300.8.15.1 * openSUSE Leap 15.3 (noarch) * libnbd-bash-completion-1.18.1-150300.8.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libnbd-debuginfo-1.18.1-150300.8.15.1 * libnbd0-1.18.1-150300.8.15.1 * libnbd-debugsource-1.18.1-150300.8.15.1 * libnbd-devel-1.18.1-150300.8.15.1 * nbdfuse-1.18.1-150300.8.15.1 * nbdfuse-debuginfo-1.18.1-150300.8.15.1 * libnbd-1.18.1-150300.8.15.1 * libnbd0-debuginfo-1.18.1-150300.8.15.1 * openSUSE Leap 15.4 (noarch) * libnbd-bash-completion-1.18.1-150300.8.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libnbd-debuginfo-1.18.1-150300.8.15.1 * libnbd0-1.18.1-150300.8.15.1 * libnbd-debugsource-1.18.1-150300.8.15.1 * libnbd-devel-1.18.1-150300.8.15.1 * python3-libnbd-debuginfo-1.18.1-150300.8.15.1 * python3-libnbd-1.18.1-150300.8.15.1 * nbdfuse-1.18.1-150300.8.15.1 * nbdfuse-debuginfo-1.18.1-150300.8.15.1 * libnbd-1.18.1-150300.8.15.1 * 
libnbd0-debuginfo-1.18.1-150300.8.15.1 * openSUSE Leap 15.5 (noarch) * libnbd-bash-completion-1.18.1-150300.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5215.html * https://bugzilla.suse.com/show_bug.cgi?id=1215799 * https://jira.suse.com/browse/ECO-3633 From sle-updates at lists.suse.com Fri Oct 27 08:55:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:55:46 +0200 (CEST) Subject: SUSE-CU-2023:3576-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231027085546.1CB06F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3576-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.140 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.140 Severity : moderate Type : recommended References : 1107342 1215215 1215434 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - glibc-2.31-150300.63.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - container:sles15-image-15.0.0-27.14.111 updated From sle-updates at lists.suse.com Fri Oct 27 08:56:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:56:27 +0200 (CEST) Subject: SUSE-CU-2023:3578-1: Security update of suse/postgres Message-ID: <20231027085627.C6125F417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2023:3578-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.1 , suse/postgres:14.9 , suse/postgres:14.9-24.1 Container Release : 24.1 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO.
[bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libnghttp2-14-1.40.0-150200.12.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-27.14.113 updated From sle-updates at lists.suse.com Fri Oct 27 08:56:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:56:36 +0200 (CEST) Subject: SUSE-CU-2023:3579-1: Security update of suse/registry Message-ID: <20231027085636.9B1BBF417@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3579-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.10 , suse/registry:latest Container Release : 15.10 Severity : moderate Type : security References : 1216378 CVE-2023-45853 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated From sle-updates at lists.suse.com Fri Oct 27 08:56:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:56:47 +0200 (CEST) Subject: SUSE-CU-2023:3580-1: Security update of suse/pcp Message-ID: <20231027085647.A9F67F417@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3580-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.42 , suse/pcp:5.2 , suse/pcp:5.2-15.42 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.42 , suse/pcp:latest Container Release : 15.42 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). 
The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:bci-bci-init-15.5-15.5-10.22 updated From sle-updates at lists.suse.com Fri Oct 27 08:56:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 10:56:57 +0200 (CEST) Subject: SUSE-CU-2023:3581-1: Security update of suse/postgres Message-ID: <20231027085657.738D0F417@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3581-1 Container Tags : suse/postgres:15 , suse/postgres:15-12.1 , suse/postgres:15.4 , suse/postgres:15.4-12.1 , suse/postgres:latest Container Release : 12.1 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). 
The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:sles15-image-15.0.0-36.5.49 updated From sle-updates at lists.suse.com Fri Oct 27 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4229-1: important: Security update for open-vm-tools Message-ID: <169840980426.7875.8229665761067649315@smelt2.prg2.suse.org> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:4229-1 Rating: important References: * bsc#1216432 * bsc#1216433 Cross-References: * CVE-2023-34058 * CVE-2023-34059 CVSS scores: * CVE-2023-34058 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34058 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34059 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4229=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4229=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4229=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * open-vm-tools-desktop-11.3.5-150200.5.16.19.1 * libvmtools0-11.3.5-150200.5.16.19.1 * open-vm-tools-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.19.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools0-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.19.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools-devel-11.3.5-150200.5.16.19.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * open-vm-tools-desktop-11.3.5-150200.5.16.19.1 * libvmtools0-11.3.5-150200.5.16.19.1 * open-vm-tools-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.19.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools0-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.19.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools-devel-11.3.5-150200.5.16.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * open-vm-tools-desktop-11.3.5-150200.5.16.19.1 * libvmtools0-11.3.5-150200.5.16.19.1 * open-vm-tools-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.19.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools0-debuginfo-11.3.5-150200.5.16.19.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.19.1 * 
open-vm-tools-debuginfo-11.3.5-150200.5.16.19.1 * libvmtools-devel-11.3.5-150200.5.16.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34058.html * https://www.suse.com/security/cve/CVE-2023-34059.html * https://bugzilla.suse.com/show_bug.cgi?id=1216432 * https://bugzilla.suse.com/show_bug.cgi?id=1216433 From sle-updates at lists.suse.com Fri Oct 27 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4228-1: important: Security update for open-vm-tools Message-ID: <169840980670.7875.14766240915836854802@smelt2.prg2.suse.org> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:4228-1 Rating: important References: * bsc#1205927 * bsc#1216432 * bsc#1216433 Cross-References: * CVE-2023-34058 * CVE-2023-34059 CVSS scores: * CVE-2023-34058 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34058 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34059 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4228=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4228=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4228=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.3.0-4.62.1 * open-vm-tools-debugsource-12.3.0-4.62.1 * libvmtools0-12.3.0-4.62.1 * open-vm-tools-desktop-12.3.0-4.62.1 * open-vm-tools-12.3.0-4.62.1 * libvmtools0-debuginfo-12.3.0-4.62.1 * open-vm-tools-desktop-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-12.3.0-4.62.1 * open-vm-tools-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-debuginfo-12.3.0-4.62.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.3.0-4.62.1 * open-vm-tools-debugsource-12.3.0-4.62.1 * libvmtools0-12.3.0-4.62.1 * open-vm-tools-desktop-12.3.0-4.62.1 * open-vm-tools-12.3.0-4.62.1 * libvmtools0-debuginfo-12.3.0-4.62.1 * open-vm-tools-desktop-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-12.3.0-4.62.1 * open-vm-tools-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-debuginfo-12.3.0-4.62.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.3.0-4.62.1 * open-vm-tools-debugsource-12.3.0-4.62.1 * libvmtools0-12.3.0-4.62.1 * open-vm-tools-desktop-12.3.0-4.62.1 * open-vm-tools-12.3.0-4.62.1 * libvmtools0-debuginfo-12.3.0-4.62.1 * open-vm-tools-desktop-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-12.3.0-4.62.1 * open-vm-tools-debuginfo-12.3.0-4.62.1 * open-vm-tools-sdmp-debuginfo-12.3.0-4.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34058.html * https://www.suse.com/security/cve/CVE-2023-34059.html * https://bugzilla.suse.com/show_bug.cgi?id=1205927 * https://bugzilla.suse.com/show_bug.cgi?id=1216432 * 
https://bugzilla.suse.com/show_bug.cgi?id=1216433
From sle-updates at lists.suse.com Fri Oct 27 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:02 -0000 Subject: SUSE-SU-2023:4230-1: important: Security update for open-vm-tools Message-ID: <169840980233.7875.13293383281716029355@smelt2.prg2.suse.org> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:4230-1 Rating: important References: * bsc#1216432 * bsc#1216433 Cross-References: * CVE-2023-34058 * CVE-2023-34059 CVSS scores: * CVE-2023-34058 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34058 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34059 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4230=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4230=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4230=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-sdmp-11.3.5-150100.4.37.21.1 * libvmtools0-11.3.5-150100.4.37.21.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-11.3.5-150100.4.37.21.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.21.1 * libvmtools-devel-11.3.5-150100.4.37.21.1 * open-vm-tools-11.3.5-150100.4.37.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-sdmp-11.3.5-150100.4.37.21.1 * libvmtools0-11.3.5-150100.4.37.21.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-11.3.5-150100.4.37.21.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.21.1 * libvmtools-devel-11.3.5-150100.4.37.21.1 * open-vm-tools-11.3.5-150100.4.37.21.1 * SUSE CaaS Platform 4.0 (x86_64) * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-sdmp-11.3.5-150100.4.37.21.1 * libvmtools0-11.3.5-150100.4.37.21.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.21.1 * 
open-vm-tools-desktop-11.3.5-150100.4.37.21.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.21.1 * libvmtools-devel-11.3.5-150100.4.37.21.1 * open-vm-tools-11.3.5-150100.4.37.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-sdmp-11.3.5-150100.4.37.21.1 * libvmtools0-11.3.5-150100.4.37.21.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-11.3.5-150100.4.37.21.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.21.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.21.1 * libvmtools-devel-11.3.5-150100.4.37.21.1 * open-vm-tools-11.3.5-150100.4.37.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34058.html * https://www.suse.com/security/cve/CVE-2023-34059.html * https://bugzilla.suse.com/show_bug.cgi?id=1216432 * https://bugzilla.suse.com/show_bug.cgi?id=1216433 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 27 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4227-1: important: Security update for open-vm-tools Message-ID: <169840980916.7875.12224478032710677289@smelt2.prg2.suse.org> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:4227-1 Rating: important References: * bsc#1216432 * bsc#1216433 Cross-References: * CVE-2023-34058 * CVE-2023-34059 CVSS scores: * CVE-2023-34058 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34058 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34059 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 
for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4227=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4227=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4227=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4227=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4227=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4227=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4227=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4227=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4227=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4227=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4227=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4227=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4227=1 * Desktop Applications Module 15-SP5 zypper in -t 
patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4227=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4227=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4227=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4227=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4227=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4227=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4227=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4227=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4227=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4227=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4227=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4227=1 ## Package List: * openSUSE Leap 15.3 (aarch64 x86_64 i586) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * openSUSE Leap 15.3 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.43.1 * openSUSE Leap Micro 5.3 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * 
libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * openSUSE Leap Micro 5.4 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * openSUSE Leap 15.4 (aarch64 x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.43.1 * openSUSE Leap 15.5 (aarch64 x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * openSUSE Leap 15.5 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro 5.3 
(x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.3.0-150300.43.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * Basesystem Module 15-SP5 
(x86_64) * open-vm-tools-salt-minion-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-desktop-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-desktop-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-salt-minion-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * 
open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-salt-minion-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * SUSE Manager Proxy 4.2 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Manager Server 4.2 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * 
open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Enterprise Storage 7.1 (x86_64) * open-vm-tools-containerinfo-debuginfo-12.3.0-150300.43.1 * open-vm-tools-12.3.0-150300.43.1 * open-vm-tools-desktop-12.3.0-150300.43.1 * libvmtools-devel-12.3.0-150300.43.1 * open-vm-tools-salt-minion-12.3.0-150300.43.1 * open-vm-tools-sdmp-debuginfo-12.3.0-150300.43.1 * open-vm-tools-desktop-debuginfo-12.3.0-150300.43.1 * open-vm-tools-sdmp-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * open-vm-tools-containerinfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * open-vm-tools-12.3.0-150300.43.1 * libvmtools0-debuginfo-12.3.0-150300.43.1 * open-vm-tools-debugsource-12.3.0-150300.43.1 * libvmtools0-12.3.0-150300.43.1 * open-vm-tools-debuginfo-12.3.0-150300.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34058.html * https://www.suse.com/security/cve/CVE-2023-34059.html * https://bugzilla.suse.com/show_bug.cgi?id=1216432 * https://bugzilla.suse.com/show_bug.cgi?id=1216433 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Oct 27 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:11 -0000 Subject: SUSE-RU-2023:4226-1: moderate: Recommended update for openssl-1_1 Message-ID: <169840981190.7875.7046369970916524524@smelt2.prg2.suse.org> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:4226-1 Rating: moderate References: * bsc#1215215 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Displays "fips" in the version string (bsc#1215215) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4226=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4226=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4226=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4226=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4226=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4226=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4226=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4226=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4226=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4226=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4226=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4226=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4226=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4226=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * 
openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Manager Server 4.2 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.79.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * 
openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 
(aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * 
libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 * SUSE Manager Proxy 4.2 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-1.1.1d-150200.11.79.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.79.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.79.1 * openssl-1_1-debugsource-1.1.1d-150200.11.79.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.79.1 * libopenssl-1_1-devel-1.1.1d-150200.11.79.1 * openssl-1_1-1.1.1d-150200.11.79.1 * libopenssl1_1-32bit-1.1.1d-150200.11.79.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215215 
From sle-updates at lists.suse.com Fri Oct 27 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4225-1: important: Security update for zchunk Message-ID: <169840981407.7875.14158689599550220602@smelt2.prg2.suse.org> # Security update for zchunk Announcement ID: SUSE-SU-2023:4225-1 Rating: important References: * bsc#1216268 Cross-References: * CVE-2023-46228 CVSS scores: * CVE-2023-46228 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46228 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for zchunk fixes the following issues: * CVE-2023-46228: Fixed the handling of overflow errors in malformed zchunk files.
(bsc#1216268) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4225=1 openSUSE-SLE-15.4-2023-4225=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4225=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4225=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4225=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-4225=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4225=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4225=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4225=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4225=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4225=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4225=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4225=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4225=1 ## Package List: * openSUSE Leap 15.4 
(aarch64 ppc64le s390x x86_64 i586) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Manager Proxy 4.3 (x86_64) * libzck1-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * 
libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * zchunk-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * libzck1-1.1.16-150400.3.7.1 * libzck1-debuginfo-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * zchunk-debuginfo-1.1.16-150400.3.7.1 * libzck-devel-1.1.16-150400.3.7.1 * zchunk-debugsource-1.1.16-150400.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46228.html * https://bugzilla.suse.com/show_bug.cgi?id=1216268
From sle-updates at lists.suse.com Fri Oct 27 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:16 -0000 Subject: SUSE-SU-2023:4224-1: important: Security update for zchunk Message-ID: <169840981671.7875.4378129408605712661@smelt2.prg2.suse.org> # Security update for zchunk Announcement ID: SUSE-SU-2023:4224-1 Rating: important References: * bsc#1216268 Cross-References: * CVE-2023-46228 CVSS scores: * CVE-2023-46228 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46228 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for zchunk fixes the following issues: * CVE-2023-46228: Fixed the handling of overflow errors in malformed zchunk files. (bsc#1216268) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4224=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4224=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4224=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4224=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4224=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4224=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4224=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4224=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4224=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4224=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4224=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
(aarch64 x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Manager Proxy 4.2 (x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * 
libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * zchunk-1.1.5-150200.3.5.1 * libzck1-debuginfo-1.1.5-150200.3.5.1 * libzck-devel-1.1.5-150200.3.5.1 * libzck1-1.1.5-150200.3.5.1 * zchunk-debugsource-1.1.5-150200.3.5.1 * zchunk-debuginfo-1.1.5-150200.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46228.html * https://bugzilla.suse.com/show_bug.cgi?id=1216268 From sle-updates at lists.suse.com Fri Oct 27 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 12:30:20 -0000 Subject: SUSE-RU-2023:4223-1: low: Recommended update for release-notes-sles Message-ID: <169840982027.7875.7018876026844311234@smelt2.prg2.suse.org> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:4223-1 Rating: low References: * bsc#1209235 * bsc#933411 * jsc#PED-1763 * jsc#PED-1911 * jsc#PED-3799 * jsc#PED-3800 * jsc#PED-3806 * jsc#PED-4560 * jsc#PED-5268 * jsc#PED-983 * jsc#SLE-24526 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains nine features and has two fixes can now be installed.
## Description: This update for release-notes-sles fixes the following issues: * Minor version update to 15.5.20230929 (bsc#933411) * Added Public Cloud module deprecations (jsc#PED-3806) * Added note about libvirt host network management deprecation (jsc#PED-5268) * Added note about SUSE Manager option missing (bsc#1209235) * Added note about Python 3.11 announcement (jsc#PED-3800, jsc#PED-3799) * Added Ampere AmpereOne SoC (jsc#PED-4560) * Announce NVIDIA Orin (jsc#PED-1763) * Added AWS Graviton3 SoC (jsc#SLE-24526) * Added note about Minimal-VM and Minimal-Image for IBM Z (jsc#PED-1911) * Added note about AMD Wheat Nas GPU (jsc#PED-983) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-2023-4223=1 SUSE-SLE-INSTALLER-15-SP5-2023-4223=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4223=1 openSUSE-SLE-15.5-2023-4223=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4223=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4223=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4223=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 (noarch) * release-notes-sles-15.5.20230929-150500.3.6.1 * openSUSE Leap 15.5 (noarch) * release-notes-sles-15.5.20230929-150500.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch) * release-notes-sles-15.5.20230929-150500.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * release-notes-sles-15.5.20230929-150500.3.6.1 * SUSE Linux Enterprise Desktop 15 SP5 (noarch) * release-notes-sles-15.5.20230929-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209235 *
https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-1763 * https://jira.suse.com/browse/PED-1911 * https://jira.suse.com/browse/PED-3799 * https://jira.suse.com/browse/PED-3800 * https://jira.suse.com/browse/PED-3806 * https://jira.suse.com/browse/PED-4560 * https://jira.suse.com/browse/PED-5268 * https://jira.suse.com/browse/PED-983 * https://jira.suse.com/browse/SLE-24526 From sle-updates at lists.suse.com Fri Oct 27 16:25:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 18:25:40 +0200 (CEST) Subject: SUSE-CU-2023:3582-1: Security update of suse/sles12sp5 Message-ID: <20231027162540.60C49F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3582-1 Container Tags : suse/sles12sp5:6.5.527 , suse/sles12sp5:latest Container Release : 6.5.527 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4199-1 Released: Wed Oct 25 12:01:35 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack.
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4216-1 Released: Thu Oct 26 12:19:45 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libnghttp2-14-1.39.2-3.13.1 updated - libz1-1.2.11-11.37.1 updated From sle-updates at lists.suse.com Fri Oct 27 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 16:30:02 -0000 Subject: SUSE-SU-2023:4232-1: moderate: Security update for python-Django Message-ID: <169842420292.20915.9122420533405691576@smelt2.prg2.suse.org> # Security update for python-Django Announcement ID: SUSE-SU-2023:4232-1 Rating: moderate References: * bsc#1215978 Cross-References: * CVE-2023-43665 CVSS scores: * CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-43665: Fixed a Denial-of-service in django.utils.text.Truncator. (bsc#1215978) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4232=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4232=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4232=1 ## Package List: * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-Django-1.11.29-3.54.1 * HPE Helion OpenStack 8 (noarch) * python-Django-1.11.29-3.54.1 * SUSE OpenStack Cloud 8 (noarch) * python-Django-1.11.29-3.54.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43665.html * https://bugzilla.suse.com/show_bug.cgi?id=1215978 From sle-updates at lists.suse.com Fri Oct 27 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Oct 2023 16:30:05 -0000 Subject: SUSE-RU-2023:4231-1: moderate: Recommended update for python-kiwi Message-ID: <169842420520.20915.13950009086254499058@smelt2.prg2.suse.org> # Recommended update for python-kiwi Announcement ID: SUSE-RU-2023:4231-1 Rating: moderate References: * bsc#1211102 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise
Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for python-kiwi fixes the following issues: * Add SECURE_BOOT no when the firmware is efi (bsc#1211102) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4231=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4231=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4231=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4231=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4231=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4231=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4231=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4231=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4231=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4231=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4231=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4231=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4231=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4231=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * 
dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kiwi-man-pages-9.24.43-150100.3.62.1 * kiwi-systemdeps-core-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.62.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * python3-kiwi-9.24.43-150100.3.62.1 * kiwi-tools-debuginfo-9.24.43-150100.3.62.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * kiwi-systemdeps-9.24.43-150100.3.62.1 * dracut-kiwi-live-9.24.43-150100.3.62.1 * kiwi-systemdeps-containers-9.24.43-150100.3.62.1 * dracut-kiwi-overlay-9.24.43-150100.3.62.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.62.1 * kiwi-tools-9.24.43-150100.3.62.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.62.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * openSUSE Leap 15.4 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.62.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kiwi-man-pages-9.24.43-150100.3.62.1 * kiwi-systemdeps-core-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.62.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * python3-kiwi-9.24.43-150100.3.62.1 * kiwi-tools-debuginfo-9.24.43-150100.3.62.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * kiwi-systemdeps-9.24.43-150100.3.62.1 * dracut-kiwi-live-9.24.43-150100.3.62.1 * kiwi-systemdeps-containers-9.24.43-150100.3.62.1 * dracut-kiwi-overlay-9.24.43-150100.3.62.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.62.1 * kiwi-tools-9.24.43-150100.3.62.1 * 
kiwi-systemdeps-bootloaders-9.24.43-150100.3.62.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * openSUSE Leap 15.5 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kiwi-man-pages-9.24.43-150100.3.62.1 * kiwi-systemdeps-core-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.62.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * python3-kiwi-9.24.43-150100.3.62.1 * kiwi-tools-debuginfo-9.24.43-150100.3.62.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * kiwi-systemdeps-9.24.43-150100.3.62.1 * dracut-kiwi-live-9.24.43-150100.3.62.1 * 
kiwi-systemdeps-containers-9.24.43-150100.3.62.1 * dracut-kiwi-overlay-9.24.43-150100.3.62.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.62.1 * kiwi-tools-9.24.43-150100.3.62.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.62.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * Development Tools Module 15-SP4 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.62.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kiwi-man-pages-9.24.43-150100.3.62.1 * kiwi-systemdeps-core-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * kiwi-systemdeps-disk-images-9.24.43-150100.3.62.1 * kiwi-systemdeps-image-validation-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * python3-kiwi-9.24.43-150100.3.62.1 * kiwi-tools-debuginfo-9.24.43-150100.3.62.1 * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * kiwi-systemdeps-9.24.43-150100.3.62.1 * dracut-kiwi-live-9.24.43-150100.3.62.1 * kiwi-systemdeps-containers-9.24.43-150100.3.62.1 * dracut-kiwi-overlay-9.24.43-150100.3.62.1 * kiwi-systemdeps-filesystems-9.24.43-150100.3.62.1 * kiwi-tools-9.24.43-150100.3.62.1 * kiwi-systemdeps-bootloaders-9.24.43-150100.3.62.1 * kiwi-systemdeps-iso-media-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * Development Tools Module 15-SP5 (x86_64) * kiwi-pxeboot-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dracut-kiwi-oem-dump-9.24.43-150100.3.62.1 * python-kiwi-debugsource-9.24.43-150100.3.62.1 * 
dracut-kiwi-oem-repart-9.24.43-150100.3.62.1 * dracut-kiwi-lib-9.24.43-150100.3.62.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211102 From sle-updates at lists.suse.com Sat Oct 28 07:04:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:04:22 +0200 (CEST) Subject: SUSE-CU-2023:3585-1: Security update of suse/sle15 Message-ID: <20231028070422.C47C4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3585-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.836 Container Release : 6.2.836 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215713 1216378 CVE-2023-35945 CVE-2023-4039 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4102-1 Released: Tue Oct 17 15:14:27 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.40.2 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150000.3.14.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libz1-1.2.11-150000.3.48.1 updated

From sle-updates at lists.suse.com Sat Oct 28 07:05:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:05:13 +0200 (CEST)
Subject: SUSE-CU-2023:3586-1: Security update of suse/pcp
Message-ID: <20231028070513.0C3E3F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3586-1
Container Tags        : suse/pcp:5 , suse/pcp:5-17.171 , suse/pcp:5.2 , suse/pcp:5.2-17.171 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.171
Container Release     : 17.171
Severity              : important
Type                  : security
References            : 1107342 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4122-1
Released: Thu Oct 19 08:24:34 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.11-150000.3.48.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.57.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- systemd-249.16-150400.8.35.5 updated
- container:bci-bci-init-15.4-15.4-30.18 updated

From sle-updates at lists.suse.com Sat Oct 28 07:06:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:06:01 +0200 (CEST)
Subject: SUSE-CU-2023:3589-1: Security update of suse/389-ds
Message-ID: <20231028070601.5B9EEF417@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3589-1
Container Tags        : suse/389-ds:2.2 , suse/389-ds:2.2-16.29 , suse/389-ds:latest
Container Release     : 16.29
Severity              : important
Type                  : security
References            : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- container:sles15-image-15.0.0-36.5.50 updated

From sle-updates at lists.suse.com Sat Oct 28 07:07:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:07:15 +0200 (CEST)
Subject: SUSE-CU-2023:3596-1: Security update of bci/golang
Message-ID: <20231028070715.93843F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3596-1
Container Tags        : bci/golang:1.20 , bci/golang:1.20-2.4.30 , bci/golang:oldstable , bci/golang:oldstable-2.4.30
Container Release     : 4.30
Severity              : important
Type                  : security
References            : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4193-1
Released: Wed Oct 25 10:36:43 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
- added EOL dates for previous rust compiler versions (1.43 up to 1.70)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libatomic1-13.2.1+git7813-150000.1.3.3 updated
- libgomp1-13.2.1+git7813-150000.1.3.3 updated
- libitm1-13.2.1+git7813-150000.1.3.3 updated
- liblsan0-13.2.1+git7813-150000.1.3.3 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated
- container:sles15-image-15.0.0-36.5.50 updated

From sle-updates at lists.suse.com Sat Oct 28 07:07:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:07:20 +0200 (CEST)
Subject: SUSE-CU-2023:3597-1: Security update of bci/golang
Message-ID: <20231028070720.C69A0F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3597-1
Container Tags        : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.29 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.29
Container Release     : 7.29
Severity              : important
Type                  : security
References            : 1216123 1216174 1216378 CVE-2023-44487 CVE-2023-45853
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4193-1
Released: Wed Oct 25 10:36:43 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
- added EOL dates for previous rust compiler versions (1.43 up to 1.70)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated
- zlib-devel-1.2.13-150500.4.3.1 updated
- container:sles15-image-15.0.0-36.5.50 updated

From sle-updates at lists.suse.com Sat Oct 28 07:07:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:07:31 +0200 (CEST)
Subject: SUSE-CU-2023:3598-1: Security update of bci/golang
Message-ID: <20231028070731.81984F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3598-1
Container Tags        : bci/golang:1.21 , bci/golang:1.21-1.4.28 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.28
Container Release     : 4.28
Severity              : important
Type                  : security
References            : 1107342 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313 1215434 1215891 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4153-1
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

  https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4193-1
Released: Wed Oct 25 10:36:43 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
- added EOL dates for previous rust compiler versions (1.43 up to 1.70)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libz1-1.2.13-150500.4.3.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libopenssl1_1-1.1.1l-150500.17.19.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- libatomic1-13.2.1+git7813-150000.1.3.3 updated
- libgomp1-13.2.1+git7813-150000.1.3.3 updated
- libitm1-13.2.1+git7813-150000.1.3.3 updated
- liblsan0-13.2.1+git7813-150000.1.3.3 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated
- glibc-devel-2.31-150300.63.1 updated
- container:sles15-image-15.0.0-36.5.50 updated

From sle-updates at lists.suse.com Sat Oct 28 07:07:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 28 Oct 2023 09:07:34 +0200 (CEST)
Subject: SUSE-CU-2023:3599-1: Security update of bci/golang
Message-ID: <20231028070734.D017FF417@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3599-1
Container Tags        : bci/golang:1.20-openssl , bci/golang:1.20-openssl-7.26 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-7.26
Container Release     : 7.26
Severity              : important
Type                  : security
References            : 1107342 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215215 1215286 1215313
1215434 1215891 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 
15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150500.17.19.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.19.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - openssl-1_1-1.1.1l-150500.17.19.1 updated - libatomic1-13.2.1+git7813-150000.1.3.3 updated - libgomp1-13.2.1+git7813-150000.1.3.3 updated - libitm1-13.2.1+git7813-150000.1.3.3 updated - liblsan0-13.2.1+git7813-150000.1.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated - glibc-devel-2.31-150300.63.1 updated - zlib-devel-1.2.13-150500.4.3.1 updated - libopenssl-1_1-devel-1.1.1l-150500.17.19.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Sat Oct 28 07:07:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:07:39 +0200 (CEST) Subject: SUSE-CU-2023:3600-1: Security update of suse/nginx Message-ID: <20231028070739.6F2D2F417@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3600-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.24 , suse/nginx:latest Container Release : 5.24 Severity : important Type : security References : 1216123 1216174 1216378 CVE-2023-44487 
CVE-2023-45853 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Sat Oct 28 07:08:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:08:10 +0200 (CEST) Subject: SUSE-CU-2023:3603-1: Security update of bci/openjdk-devel Message-ID: <20231028070810.8FBC5F417@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3603-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.46 , bci/openjdk-devel:latest Container Release : 12.46 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages.
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:bci-openjdk-17-15.5.17-12.23 updated From sle-updates at lists.suse.com Sat Oct 28 07:09:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:09:17 +0200 (CEST) Subject: SUSE-CU-2023:3610-1: Security update of bci/python Message-ID: <20231028070917.04181F417@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3610-1 Container Tags : bci/python:3 , bci/python:3-12.18 , bci/python:3.11 , bci/python:3.11-12.18 , bci/python:latest Container Release : 12.18 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages.
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions; these 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).
The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated - python311-setuptools-67.7.2-150400.3.9.9 updated - python311-pip-22.3.1-150400.17.9.9 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Sat Oct 28 07:09:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:09:45 +0200 (CEST) Subject: SUSE-CU-2023:3613-1: Security update of bci/rust Message-ID: <20231028070945.4DEB9F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3613-1 Container Tags : bci/rust:1.72 , bci/rust:1.72-2.2.14 , bci/rust:oldstable , bci/rust:oldstable-2.2.14 Container Release : 2.14 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libasan8-13.2.1+git7813-150000.1.3.3 updated - libatomic1-13.2.1+git7813-150000.1.3.3 updated - libgomp1-13.2.1+git7813-150000.1.3.3 updated - libitm1-13.2.1+git7813-150000.1.3.3 updated - liblsan0-13.2.1+git7813-150000.1.3.3 updated - libtsan2-13.2.1+git7813-150000.1.3.3 updated - libubsan1-13.2.1+git7813-150000.1.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Sat Oct 28 07:09:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 09:09:55 +0200 (CEST) Subject: SUSE-CU-2023:3614-1: Security update of bci/rust Message-ID: <20231028070955.6FA24F417@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3614-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-1.2.13 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.13 Container Release : 2.13 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages.
See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). 
The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libasan8-13.2.1+git7813-150000.1.3.3 updated - libatomic1-13.2.1+git7813-150000.1.3.3 updated - libgomp1-13.2.1+git7813-150000.1.3.3 updated - libitm1-13.2.1+git7813-150000.1.3.3 updated - liblsan0-13.2.1+git7813-150000.1.3.3 updated - libtsan2-13.2.1+git7813-150000.1.3.3 updated - libubsan1-13.2.1+git7813-150000.1.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.21.1 updated - container:sles15-image-15.0.0-36.5.50 updated From sle-updates at lists.suse.com Sat Oct 28 12:46:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Oct 2023 14:46:49 +0200 (CEST) Subject: SUSE-CU-2023:3616-1: Security update of suse/sle15 Message-ID: <20231028124649.F4196F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3616-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.363 Container Release : 9.5.363 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1212475 1213915 1214052 1214460 1215215 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.40.2 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.79.1 updated - libopenssl1_1-1.1.1d-150200.11.79.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libz1-1.2.11-150000.3.48.1 updated - openssl-1_1-1.1.1d-150200.11.79.1 updated From sle-updates at lists.suse.com Mon Oct 30 08:01:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 09:01:03 +0100 (CET) Subject: SUSE-IU-2023:774-1: Security update of suse-sles-15-sp4-chost-byos-v20231027-x86_64-gen2 Message-ID: <20231030080103.EF47CF417@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231027-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:774-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231027-x86_64-gen2:20231027 Image Release : Severity : important Type : security References : 1023051 1107342 1120059 1177719 1188885 1193629 1194869 1201066 1201300 1202845 1205462 1205767 1206480 1206684 1208902 1208949 1209233 1209284 1209799 1210048 
1210335 1210448 1210557 1211078 1211427 1212091 1212101 1212142 1212475 1212526 1212857 1212873 1213026 1213123 1213428 1213546 1213580 1213601 1213666 1213757 1213759 1213808 1213854 1213915 1213916 1213921 1213927 1213940 1213946 1213968 1213970 1213971 1214000 1214019 1214052 1214120 1214149 1214180 1214238 1214285 1214292 1214297 1214299 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214428 1214451 1214460 1214635 1214659 1214661 1214729 1214742 1214743 1214756 1214806 1214922 1214924 1214925 1214928 1214940 1214941 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214986 1214988 1214992 1214993 1215004 1215006 1215007 1215033 1215215 1215286 1215313 1215322 1215323 1215434 1215522 1215523 1215552 1215553 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215891 1215894 1215895 1215896 1215904 1215905 1215908 1215911 1215915 1215916 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1192 CVE-2023-1206 CVE-2023-1829 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-34319 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4387 CVE-2023-4389 CVE-2023-44487 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-45853 CVE-2023-4622 CVE-2023-46228 CVE-2023-4623 CVE-2023-4641 CVE-2023-4692 CVE-2023-4693 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container 
suse-sles-15-sp4-chost-byos-v20231027-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. 
(bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3969-1 Released: Wed Oct 4 14:05:43 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1023051,1120059,1177719,1188885,1193629,1194869,1205462,1208902,1208949,1209284,1209799,1210048,1210448,1212091,1212142,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213757,1213759,1213916,1213921,1213927,1213946,1213968,1213970,1213971,1214000,1214019,1214120,1214149,1214180,1214238,1214285,1214297,1214299,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214428,1214451,1214635,1214659,1214661,1214729,1214742,1214743,1214756,1215522,1215523,1215552,1215553,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4569 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). 
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). 
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). 
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). 
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). 
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). 
- ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). 
- iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. 
- kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). 
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed hid patch into sorted section - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). 
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). 
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). 
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). 
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert 'ib/isert: fix incorrect release of isert connection' (git-fixes) - revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). 
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). 
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). 
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). 
- usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). 
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). 
- x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3986-1
Released: Thu Oct 5 14:07:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1213428

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4055-1
Released: Thu Oct 12 09:50:39 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328

This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4059-1
Released: Thu Oct 12 10:01:24 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1213940,1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669

This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions.
(bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4072-1
Released: Fri Oct 13 10:43:00 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1202845,1213808,1214928,1214940,1214941,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4563,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS.
(bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). 
- gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). 
- kernel-binary: Move build-time definitions together. Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build. At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18. Other similar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). 
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). 
- PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). 
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). 
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). 
- virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). 
- x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4135-1 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4140-1 Released: Fri Oct 20 11:34:03 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information. 
(bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. 
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions; these 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files. 
(bsc#1216268) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - curl-8.0.1-150400.5.32.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150400.11.38.1 updated - grub2-x86_64-efi-2.06-150400.11.38.1 updated - grub2-2.06-150400.11.38.1 updated - kernel-default-5.14.21-150400.24.92.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.11-150000.3.48.1 updated - libzck1-1.1.16-150400.3.7.1 updated - login_defs-4.8.1-150400.10.12.1 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-ply-3.10-150000.3.5.1 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - runc-1.1.9-150000.52.2 updated - samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 updated - shadow-4.8.1-150400.10.12.1 updated - suse-module-tools-15.4.18-150400.3.14.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated - xen-libs-4.16.5_06-150400.4.37.1 updated - zypper-1.14.64-150400.3.32.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 removed From sle-updates at lists.suse.com Mon Oct 30 08:01:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 09:01:09 +0100 (CET) Subject: 
SUSE-IU-2023:775-1: Security update of suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64 Message-ID: <20231030080109.75A3EF417@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:775-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64:20231027 Image Release : Severity : important Type : security References : 1023051 1107342 1120059 1177719 1188885 1193629 1194869 1201066 1201300 1202845 1205462 1205767 1206480 1206684 1208902 1208949 1209233 1209284 1209799 1210048 1210335 1210448 1210557 1211078 1211427 1212091 1212101 1212142 1212475 1212526 1212857 1212873 1213026 1213123 1213428 1213546 1213580 1213601 1213666 1213757 1213759 1213808 1213854 1213915 1213916 1213921 1213927 1213940 1213946 1213968 1213970 1213971 1214000 1214019 1214052 1214120 1214149 1214180 1214238 1214285 1214292 1214297 1214299 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214428 1214451 1214460 1214635 1214659 1214661 1214729 1214742 1214743 1214756 1214806 1214922 1214924 1214925 1214928 1214940 1214941 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214986 1214988 1214992 1214993 1215004 1215006 1215007 1215033 1215215 1215286 1215313 1215322 1215323 1215434 1215522 1215523 1215552 1215553 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215891 1215894 1215895 1215896 1215904 1215905 1215908 1215911 1215915 1215916 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1192 CVE-2023-1206 CVE-2023-1829 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-34319 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 
CVE-2023-39193 CVE-2023-39194 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4387 CVE-2023-4389 CVE-2023-44487 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-45853 CVE-2023-4622 CVE-2023-46228 CVE-2023-4623 CVE-2023-4641 CVE-2023-4692 CVE-2023-4693 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3955-1
Released: Tue Oct 3 21:27:58 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781

This update for vim fixes the following issues:

Security fixes:

- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).

Other fixes:

- Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3969-1
Released: Wed Oct 4 14:05:43 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1120059,1177719,1188885,1193629,1194869,1205462,1208902,1208949,1209284,1209799,1210048,1210448,1212091,1212142,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213757,1213759,1213916,1213921,1213927,1213946,1213968,1213970,1213971,1214000,1214019,1214120,1214149,1214180,1214238,1214285,1214297,1214299,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214428,1214451,1214635,1214659,1214661,1214729,1214742,1214743,1214756,1215522,1215523,1215552,1215553,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4569

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:

- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released: Thu Oct 5 10:14:49 2023
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3986-1
Released: Thu Oct 5 14:07:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1201066,1213428

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4055-1
Released: Thu Oct 12 09:50:39 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328

This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4059-1
Released: Thu Oct 12 10:01:24 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1213940,1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669

This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4072-1
Released: Fri Oct 13 10:43:00 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1202845,1213808,1214928,1214940,1214941,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4563,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other similar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). 
- x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4135-1 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4140-1 Released: Fri Oct 20 11:34:03 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to a leak of sensitive information.
(bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions; these 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files.
(bsc#1216268) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - curl-8.0.1-150400.5.32.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150400.11.38.1 updated - grub2-x86_64-efi-2.06-150400.11.38.1 updated - grub2-x86_64-xen-2.06-150400.11.38.1 updated - grub2-2.06-150400.11.38.1 updated - kernel-default-5.14.21-150400.24.92.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.11-150000.3.48.1 updated - libzck1-1.1.16-150400.3.7.1 updated - login_defs-4.8.1-150400.10.12.1 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-ply-3.10-150000.3.5.1 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - runc-1.1.9-150000.52.2 updated - samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 updated - shadow-4.8.1-150400.10.12.1 updated - suse-module-tools-15.4.18-150400.3.14.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated - xen-libs-4.16.5_06-150400.4.37.1 updated - xen-tools-domU-4.16.5_06-150400.4.37.1 updated - zypper-1.14.64-150400.3.32.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 removed From sle-updates at lists.suse.com Mon Oct 30 08:01:17 2023 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 09:01:17 +0100 (CET) Subject: SUSE-IU-2023:776-1: Security update of sles-15-sp4-chost-byos-v20231027-arm64 Message-ID: <20231030080117.A311BF417@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20231027-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:776-1 Image Tags : sles-15-sp4-chost-byos-v20231027-arm64:20231027 Image Release : Severity : important Type : security References : 1023051 1107342 1120059 1177719 1188885 1193629 1194869 1201066 1201300 1202845 1205462 1205767 1206480 1206684 1208902 1208949 1209233 1209284 1209799 1210048 1210335 1210448 1210557 1211078 1211427 1212091 1212101 1212142 1212475 1212526 1212857 1212873 1213026 1213123 1213428 1213546 1213580 1213601 1213666 1213757 1213759 1213808 1213854 1213915 1213916 1213921 1213927 1213940 1213946 1213968 1213970 1213971 1214000 1214019 1214052 1214120 1214149 1214180 1214238 1214285 1214292 1214297 1214299 1214350 1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393 1214395 1214397 1214428 1214451 1214460 1214635 1214659 1214661 1214729 1214742 1214743 1214756 1214806 1214922 1214924 1214925 1214928 1214940 1214941 1214942 1214943 1214944 1214950 1214951 1214954 1214957 1214986 1214988 1214992 1214993 1215004 1215006 1215007 1215033 1215215 1215286 1215313 1215322 1215323 1215434 1215522 1215523 1215552 1215553 1215713 1215744 1215746 1215747 1215748 1215877 1215888 1215889 1215891 1215894 1215895 1215896 1215904 1215905 1215908 1215911 1215915 1215916 1215935 1215936 1215968 1216123 1216174 1216268 1216378 CVE-2023-1192 CVE-2023-1206 CVE-2023-1829 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-2177 CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-34319 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-38545 
CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4387 CVE-2023-4389 CVE-2023-44487 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-45853 CVE-2023-4622 CVE-2023-46228 CVE-2023-4623 CVE-2023-4641 CVE-2023-4692 CVE-2023-4693 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20231027-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). 
Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3969-1 Released: Wed Oct 4 14:05:43 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1120059,1177719,1188885,1193629,1194869,1205462,1208902,1208949,1209284,1209799,1210048,1210448,1212091,1212142,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213757,1213759,1213916,1213921,1213927,1213946,1213968,1213970,1213971,1214000,1214019,1214120,1214149,1214180,1214238,1214285,1214297,1214299,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214428,1214451,1214635,1214659,1214661,1214729,1214742,1214743,1214756,1215522,1215523,1215552,1215553,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4569 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). 
- CVE-2023-3610: Fixed a use-after-free vulnerability in nf_tables that can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). 
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). 
gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). 
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs apart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). 
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer supported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3973-1
Released:    Thu Oct 5 10:14:49 2023
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3986-1
Released:    Thu Oct 5 14:07:58 2023
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1201066,1213428

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct 6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4024-1 Released: Tue Oct 10 13:24:40 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4055-1 Released: Thu Oct 12 09:50:39 2023 Summary: Security update for xen Type: security Severity: important References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328 This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744) - CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746) - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747) - CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748) - CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4059-1 Released: Thu Oct 12 10:01:24 2023 Summary: Security update for samba Type: security Severity: important References: 1213940,1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. 
(bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4072-1 Released: Fri Oct 13 10:43:00 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1202845,1213808,1214928,1214940,1214941,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4563,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. 
(bsc#1215467) - CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). 
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). 
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). 
- gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). 
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). 
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). 
- PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). 
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). 
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). 
- virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). 
- x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4122-1 Released: Thu Oct 19 08:24:34 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4135-1 Released: Thu Oct 19 14:14:23 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4140-1 Released: Fri Oct 20 11:34:03 2023 Summary: Security update for grub2 Type: security Severity: important References: 1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. 
(bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4153-1 Released: Fri Oct 20 19:27:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1215313 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. 
For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. 
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4194-1 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Type: feature Severity: low References: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, these 3 packages have no code changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. 
(bsc#1216268) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - containerd-ctr-1.7.7-150000.100.1 updated - containerd-1.7.7-150000.100.1 updated - curl-8.0.1-150400.5.32.1 updated - glibc-locale-base-2.31-150300.63.1 updated - glibc-locale-2.31-150300.63.1 updated - glibc-2.31-150300.63.1 updated - grub2-i386-pc-2.06-150400.11.38.1 updated - grub2-x86_64-efi-2.06-150400.11.38.1 updated - grub2-2.06-150400.11.38.1 updated - kernel-default-5.14.21-150400.24.92.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libopenssl1_1-1.1.1l-150400.7.57.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libsystemd0-249.16-150400.8.35.5 updated - libudev1-249.16-150400.8.35.5 updated - libz1-1.2.11-150000.3.48.1 updated - libzck1-1.1.16-150400.3.7.1 updated - login_defs-4.8.1-150400.10.12.1 updated - openssl-1_1-1.1.1l-150400.7.57.1 updated - python3-cryptography-3.3.2-150400.20.3 updated - python3-ply-3.10-150000.3.5.1 updated - python3-urllib3-1.25.10-150300.4.6.1 updated - rpm-ndb-4.14.3-150400.59.3.1 updated - runc-1.1.9-150000.52.2 updated - samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 updated - shadow-4.8.1-150400.10.12.1 updated - suse-module-tools-15.4.18-150400.3.14.1 updated - systemd-rpm-macros-14-150000.7.36.1 updated - systemd-sysvinit-249.16-150400.8.35.5 updated - systemd-249.16-150400.8.35.5 updated - udev-249.16-150400.8.35.5 updated - vim-data-common-9.0.1894-150000.5.54.1 updated - vim-9.0.1894-150000.5.54.1 updated - xen-libs-4.16.5_06-150400.4.37.1 updated - zypper-1.14.64-150400.3.32.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 removed From sle-updates at lists.suse.com Mon Oct 30 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 08:30:01 -0000 Subject: SUSE-RU-2023:4237-1: 
moderate: Recommended update for perl-Bootloader Message-ID: <169865460192.11876.12763952972551608668@smelt2.prg2.suse.org> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:4237-1 Rating: moderate References: * bsc#1215064 Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * `bootloader_entry` script can have an optional 'force-default' argument (bsc#1215064) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4237=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4237=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4237=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4237=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4237=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4237=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4237=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4237=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4237=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4237=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4237=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4237=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le 
x86_64) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Manager Proxy 4.2 (x86_64) * perl-Bootloader-0.945-150300.3.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * perl-Bootloader-0.945-150300.3.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * perl-Bootloader-0.945-150300.3.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * perl-Bootloader-YAML-0.945-150300.3.12.1 * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150300.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * perl-Bootloader-0.945-150300.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215064 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 08:30:04 -0000 Subject: SUSE-RU-2023:4236-1: important: Recommended update for gnu-compilers-hpc Message-ID: <169865460408.11876.15545720538712221748@smelt2.prg2.suse.org> # Recommended update for gnu-compilers-hpc Announcement ID: SUSE-RU-2023:4236-1 Rating: important References: * bsc#1212351 * bsc#1214816 * jsc#MSC-639 * jsc#PED-2834 Affected Products: * HPC Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE 
Linux Enterprise Server for SAP Applications 12 SP5 An update that contains two features and has two fixes can now be installed. ## Description: This update for gnu-compilers-hpc fixes the following issues: * Fix GCC 12 support implementation that was missed in a previous update (jsc#MSC-639, jsc#PED-2834) * Fix posttrans script (bsc#1212351, bsc#1214816) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2023-4236=1 ## Package List: * HPC Module 12 (noarch) * gnu8-compilers-hpc-1.4-30.1 * gnu9-compilers-hpc-1.4-30.1 * gnu10-compilers-hpc-macros-devel-1.4-30.1 * gnu11-compilers-hpc-devel-1.4-30.1 * gnu11-compilers-hpc-macros-devel-1.4-30.1 * gnu12-compilers-hpc-1.4-30.1 * gnu-compilers-hpc-1.4-30.1 * gnu12-compilers-hpc-macros-devel-1.4-30.1 * gnu-compilers-hpc-devel-1.4-30.1 * gnu8-compilers-hpc-macros-devel-1.4-30.1 * gnu8-compilers-hpc-devel-1.4-30.1 * gnu9-compilers-hpc-macros-devel-1.4-30.1 * gnu10-compilers-hpc-1.4-30.1 * gnu12-compilers-hpc-devel-1.4-30.1 * gnu-compilers-hpc-macros-devel-1.4-30.1 * gnu9-compilers-hpc-devel-1.4-30.1 * gnu10-compilers-hpc-devel-1.4-30.1 * gnu11-compilers-hpc-1.4-30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212351 * https://bugzilla.suse.com/show_bug.cgi?id=1214816 * https://jira.suse.com/browse/MSC-639 * https://jira.suse.com/browse/PED-2834 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 08:30:05 -0000 Subject: SUSE-RU-2023:4235-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <169865460552.11876.15039175926921706893@smelt2.prg2.suse.org> # Recommended update for gnu-compilers-hpc Announcement ID: SUSE-RU-2023:4235-1 Rating: moderate References: * bsc#1214816 * jsc#MSC-706 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has one fix can now be installed. 
## Description: This update for gnu-compilers-hpc fixes the following issues: * Address the failures from the scriptlets in the package `gnu12-compilers-hpc-devel` (bsc#1214816) * Add `gnu12-compilers-hpc` to SUSE Linux Enterprise 15 Service Pack 3 LTSS ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4235=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4235=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-4235=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-4235=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4235=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4235=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4235=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4235=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4235=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4235=1 ## Package List: * openSUSE Leap 15.4 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-1.4-150100.3.28.1 * gnu9-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * 
gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * openSUSE Leap 15.5 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-1.4-150100.3.28.1 * gnu9-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * HPC Module 15-SP4 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * HPC Module 15-SP5 (noarch) * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Package Hub 15 15-SP4 (noarch) * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * 
gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Package Hub 15 15-SP5 (noarch) * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gnu9-compilers-hpc-1.4-150100.3.28.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-1.4-150100.3.28.1 * gnu9-compilers-hpc-devel-1.4-150100.3.28.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * 
gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gnu11-compilers-hpc-devel-1.4-150100.3.28.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-devel-1.4-150100.3.28.1 * gnu10-compilers-hpc-devel-1.4-150100.3.28.1 * gnu-compilers-hpc-1.4-150100.3.28.1 * gnu10-compilers-hpc-1.4-150100.3.28.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.28.1 * gnu12-compilers-hpc-1.4-150100.3.28.1 * gnu11-compilers-hpc-1.4-150100.3.28.1 * gnu-compilers-hpc-macros-devel-1.4-150100.3.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214816 * https://jira.suse.com/browse/MSC-706 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 08:30:07 -0000 Subject: SUSE-FU-2023:4234-1: moderate: Feature update for jffi, jnr-a64asm, jnr-constants, jnr-ffi, jnr-posix, jnr-x86asm Message-ID: <169865460707.11876.4720042128088204929@smelt2.prg2.suse.org> # Feature update for jffi, jnr-a64asm, jnr-constants, jnr-ffi, jnr-posix, jnr-x86asm Announcement ID: SUSE-FU-2023:4234-1 Rating: moderate References: * jsc#PED-6377 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. 
## Description: This update for jffi, jnr-a64asm, jnr-constants, jnr-ffi, jnr-posix, jnr-x86asm fixes the following issues: * The following new package dependencies were implemented as requirements of future versions of jython (jsc#PED-6377): * jffi * jnr-a64asm * jnr-constants * jnr-ffi * jnr-posix * jnr-x86asm ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4234=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4234=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4234=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4234=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4234=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4234=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4234=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4234=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4234=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4234=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4234=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4234=1 ## Package List: * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * Development Tools Module 15-SP5 
(noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * 
jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * SUSE Enterprise Storage 7.1 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * openSUSE Leap 15.4 (noarch) * jnr-posix-javadoc-3.1.16-150200.5.3.12 * jnr-a64asm-javadoc-1.0.0-150200.5.3.12 * jnr-constants-0.10.4-150200.5.3.12 * jnr-x86asm-javadoc-1.0.2-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-ffi-javadoc-2.2.13-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * jnr-constants-javadoc-0.10.4-150200.5.3.12 * jffi-javadoc-1.3.11-150200.5.3.12 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * openSUSE Leap 15.5 (noarch) * jnr-posix-javadoc-3.1.16-150200.5.3.12 * jnr-a64asm-javadoc-1.0.0-150200.5.3.12 * jnr-constants-0.10.4-150200.5.3.12 * 
jnr-x86asm-javadoc-1.0.2-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-ffi-javadoc-2.2.13-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 * jnr-constants-javadoc-0.10.4-150200.5.3.12 * jffi-javadoc-1.3.11-150200.5.3.12 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * jffi-1.3.11-150200.5.3.12 * jffi-native-1.3.11-150200.5.3.12 * Development Tools Module 15-SP4 (noarch) * jnr-constants-0.10.4-150200.5.3.12 * jnr-posix-3.1.16-150200.5.3.12 * jnr-x86asm-1.0.2-150200.5.3.12 * jnr-a64asm-1.0.0-150200.5.3.12 * jnr-ffi-2.2.13-150200.5.3.12 ## References: * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 08:30:08 -0000 Subject: SUSE-RU-2023:4233-1: moderate: Recommended update for log4j Message-ID: <169865460875.11876.2827623825087529704@smelt2.prg2.suse.org> # Recommended update for log4j Announcement ID: SUSE-RU-2023:4233-1 Rating: moderate References: * jsc#PED-6376 * jsc#PED-6377 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 
for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for log4j fixes the following issues: * Build taglib, jmx-gui, bom, nosql and web modules, on platforms where we have the dependencies ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4233=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4233=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4233=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4233=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4233=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4233=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4233=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4233=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4233=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4233=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4233=1 ## Package List: * openSUSE 
Leap 15.4 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * openSUSE Leap 15.5 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * Basesystem Module 15-SP4 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * Basesystem Module 15-SP5 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Manager Proxy 4.2 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Manager Retail Branch Server 4.2 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Manager Server 4.2 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * 
log4j-javadoc-2.17.2-150200.4.27.45 * SUSE Enterprise Storage 7.1 (noarch) * log4j-jcl-2.17.2-150200.4.27.45 * log4j-slf4j-2.17.2-150200.4.27.45 * log4j-2.17.2-150200.4.27.45 * log4j-javadoc-2.17.2-150200.4.27.45 ## References: * https://jira.suse.com/browse/PED-6376 * https://jira.suse.com/browse/PED-6377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:06 -0000 Subject: SUSE-SU-2023:4261-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3) Message-ID: <169866900609.5822.1278615159971868858@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4261-1 Rating: important References: * bsc#1210619 * bsc#1214812 * bsc#1215440 Cross-References: * CVE-2023-1829 * CVE-2023-4004 * CVE-2023-4623 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues. 
The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4261=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4261=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-2-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_36-debugsource-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_133-default-2-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_133-preempt-2-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_133-default-2-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:09 -0000 Subject: SUSE-SU-2023:4260-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3) Message-ID: <169866900949.5822.7170262917802193004@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4260-1 Rating: important References: * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_130 fixes several issues. The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4260=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4260=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP3_Update_35-debugsource-3-150300.2.2 * kernel-livepatch-5_3_18-150300_59_130-default-3-150300.2.2 * kernel-livepatch-5_3_18-150300_59_130-default-debuginfo-3-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_130-preempt-debuginfo-3-150300.2.2 * kernel-livepatch-5_3_18-150300_59_130-preempt-3-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_130-default-3-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:12 -0000 Subject: SUSE-SU-2023:4245-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Message-ID: <169866901268.5822.3021556553552256905@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4245-1 Rating: important References: * bsc#1212934 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_142 fixes several issues. The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4245=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4246=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4247=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4248=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4254=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4255=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4265=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-4256=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_31-debugsource-13-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_35-debugsource-7-150200.2.1 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-9-150200.2.3 * kernel-livepatch-5_3_18-150200_24_154-default-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_154-default-debuginfo-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-10-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_36-debugsource-7-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-9-150200.2.3 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-7-150200.2.1 * kernel-livepatch-5_3_18-150200_24_157-default-4-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-13-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_38-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_151-default-7-150200.2.1 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-13-150200.2.3 * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-7-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-10-150200.2.3 * kernel-livepatch-5_3_18-150200_24_142-default-9-150200.2.3 * kernel-livepatch-5_3_18-150200_24_148-default-7-150200.2.1 * kernel-livepatch-5_3_18-150200_24_139-default-10-150200.2.3 * kernel-livepatch-5_3_18-150200_24_129-default-13-150200.2.3 * 
kernel-livepatch-SLE15-SP2_Update_37-debugsource-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-13-150200.2.3 * kernel-livepatch-5_3_18-150200_24_134-default-13-150200.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:14 -0000 Subject: SUSE-SU-2023:4244-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1) Message-ID: <169866901495.5822.11626282876279530882@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4244-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_126 fixes one issue. 
The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4244=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4253=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4249=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4250=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4262=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_39-debugsource-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_160-default-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_160-default-debuginfo-3-150200.2.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_154-default-3-150100.2.2 * kernel-livepatch-4_12_14-150100_197_137-default-7-150100.2.2 * kernel-livepatch-4_12_14-150100_197_126-default-12-150100.2.3 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_173-default-3-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:17 -0000 Subject: SUSE-SU-2023:4243-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2) Message-ID: <169866901760.5822.13719737281375538881@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4243-1 Rating: important References: * bsc#1210619 * bsc#1215440 Cross-References: * CVE-2023-1829 * CVE-2023-4623 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_163 fixes several issues. The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4243=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_40-debugsource-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_163-default-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-2-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:25 -0000 Subject: SUSE-SU-2023:4264-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2) Message-ID: <169866902541.5822.568156960006643786@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4264-1 Rating: important References: * bsc#1210619 Cross-References: * CVE-2023-1829 CVSS scores: * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one 
vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_166 fixes one issue. The following security issue was fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4264=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4264=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4242=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-2-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_37-debugsource-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_138-default-2-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-2-150300.2.2 * kernel-livepatch-5_3_18-150300_59_138-preempt-2-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_138-default-2-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_166-default-debuginfo-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_166-default-2-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_41-debugsource-2-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1210619 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:39 -0000 Subject: SUSE-SU-2023:4239-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP3) Message-ID: <169866903992.5822.6078232818110124779@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:4239-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_112 fixes several issues. The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). 
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4239=1 SUSE-2023-4240=1 SUSE-2023-4241=1 SUSE-2023-4252=1 SUSE-2023-4257=1 SUSE-2023-4266=1 SUSE-2023-4263=1 SUSE-2023-4258=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4239=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4240=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4241=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4252=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4257=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4266=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4263=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4258=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_115-default-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_112-default-debuginfo-9-150300.2.4 * kernel-livepatch-SLE15-SP3_Update_31-debugsource-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_127-default-4-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_29-debugsource-9-150300.2.4 * kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-default-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_112-default-9-150300.2.4 * kernel-livepatch-5_3_18-150300_59_106-default-debuginfo-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_101-default-debuginfo-12-150300.2.4 * kernel-livepatch-SLE15-SP3_Update_27-debugsource-10-150300.2.4 * kernel-livepatch-SLE15-SP3_Update_28-debugsource-10-150300.2.4 * 
kernel-livepatch-5_3_18-150300_59_109-default-debuginfo-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_109-default-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_118-default-debuginfo-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-default-debuginfo-13-150300.2.3 * kernel-livepatch-SLE15-SP3_Update_26-debugsource-12-150300.2.4 * kernel-livepatch-5_3_18-150300_59_118-default-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_127-default-debuginfo-4-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_30-debugsource-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-default-13-150300.2.3 * kernel-livepatch-SLE15-SP3_Update_25-debugsource-13-150300.2.3 * kernel-livepatch-SLE15-SP3_Update_34-debugsource-4-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-12-150300.2.4 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-preempt-12-150300.2.4 * kernel-livepatch-5_3_18-150300_59_112-preempt-debuginfo-9-150300.2.4 * kernel-livepatch-5_3_18-150300_59_118-preempt-debuginfo-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_127-preempt-debuginfo-4-150300.2.2 * kernel-livepatch-5_3_18-150300_59_115-preempt-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_127-preempt-4-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-preempt-debuginfo-13-150300.2.3 * kernel-livepatch-5_3_18-150300_59_118-preempt-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_109-preempt-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_112-preempt-9-150300.2.4 * kernel-livepatch-5_3_18-150300_59_109-preempt-debuginfo-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_101-preempt-debuginfo-12-150300.2.4 * kernel-livepatch-5_3_18-150300_59_106-preempt-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_98-preempt-13-150300.2.3 * kernel-livepatch-5_3_18-150300_59_106-preempt-debuginfo-10-150300.2.4 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * 
kernel-livepatch-5_3_18-150300_59_115-default-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_118-default-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-default-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_109-default-10-150300.2.4 * kernel-livepatch-5_3_18-150300_59_112-default-9-150300.2.4 * kernel-livepatch-5_3_18-150300_59_98-default-13-150300.2.3 * kernel-livepatch-5_3_18-150300_59_127-default-4-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-12-150300.2.4 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:43 -0000 Subject: SUSE-SU-2023:4259-1: important: Security update for nodejs12 Message-ID: <169866904345.5822.353898368353884030@smelt2.prg2.suse.org> # Security update for nodejs12 Announcement ID: SUSE-SU-2023:4259-1 Rating: important References: * bsc#1216190 * bsc#1216272 Cross-References: * CVE-2023-38552 * CVE-2023-44487 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves two vulnerabilities can now be installed. ## Description: This update for nodejs12 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. 
(bsc#1216272) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4259=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs14-debugsource-14.21.3-6.49.1 * npm14-14.21.3-6.49.1 * nodejs14-debuginfo-14.21.3-6.49.1 * nodejs14-14.21.3-6.49.1 * nodejs14-devel-14.21.3-6.49.1 * Web and Scripting Module 12 (noarch) * nodejs14-docs-14.21.3-6.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 12:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 12:30:46 -0000 Subject: SUSE-SU-2023:4251-1: important: Security update for vorbis-tools Message-ID: <169866904611.5822.14316775524544805947@smelt2.prg2.suse.org> # Security update for vorbis-tools Announcement ID: SUSE-SU-2023:4251-1 Rating: important References: * bsc#1215942 Cross-References: * CVE-2023-43361 CVSS scores: * CVE-2023-43361 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2023-43361 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance 
Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for vorbis-tools fixes the following issues: * CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. (bsc#1215942) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4251=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4251=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4251=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4251=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4251=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4251=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4251=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4251=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4251=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4251=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4251=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4251=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4251=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4251=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4251=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* openSUSE Leap 15.5 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* Desktop Applications Module 15-SP4 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* Desktop Applications Module 15-SP5 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE Enterprise Storage 7.1 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* SUSE CaaS Platform 4.0 (x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* SUSE CaaS Platform 4.0 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * vorbis-tools-1.4.0-150000.3.3.1
  * vorbis-tools-debuginfo-1.4.0-150000.3.3.1
  * vorbis-tools-debugsource-1.4.0-150000.3.3.1
* openSUSE Leap 15.4 (noarch)
  * vorbis-tools-lang-1.4.0-150000.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43361.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215942

From sle-updates at lists.suse.com Mon Oct 30 14:48:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:48:55 +0100 (CET)
Subject: SUSE-CU-2023:3617-1: Security update of bci/bci-micro
Message-ID: <20231030144855.461A7F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3617-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.23.3
Container Release : 23.3
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215286 1215891 CVE-2023-4039 CVE-2023-4813
-----------------------------------------------------------------

The container bci/bci-micro was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated

From sle-updates at lists.suse.com Mon Oct 30 14:49:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:49:07 +0100 (CET)
Subject: SUSE-CU-2023:3618-1: Security update of bci/bci-minimal
Message-ID: <20231030144907.9BAC9F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3618-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.11
Container Release : 24.11
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215286 1215891 1216378 CVE-2023-4039 CVE-2023-45853 CVE-2023-4813
-----------------------------------------------------------------

The container bci/bci-minimal was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Type: security
Severity: important
References: 1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libz1-1.2.11-150000.3.48.1 updated
- container:micro-image-15.4.0-23.3 updated

From sle-updates at lists.suse.com Mon Oct 30 14:49:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:49:39 +0100 (CET)
Subject: SUSE-CU-2023:3619-1: Security update of suse/sle15
Message-ID: <20231030144939.CADD8F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3619-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.115 , suse/sle15:15.4 , suse/sle15:15.4.27.14.115
Container Release : 27.14.115
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216268 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released: Thu Oct 26 12:20:27 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228

This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files. (bsc#1216268)

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libz1-1.2.11-150000.3.48.1 updated
- libzck1-1.1.16-150400.3.7.1 updated

From sle-updates at lists.suse.com Mon Oct 30 14:49:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:49:44 +0100 (CET)
Subject: SUSE-CU-2023:3620-1: Security update of bci/bci-micro
Message-ID: <20231030144944.B04D5F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3620-1
Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.3 , bci/bci-micro:latest
Container Release : 12.3
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039
-----------------------------------------------------------------

The container bci/bci-micro was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated

From sle-updates at lists.suse.com Mon Oct 30 14:49:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:49:49 +0100 (CET)
Subject: SUSE-CU-2023:3621-1: Security update of bci/bci-minimal
Message-ID: <20231030144949.71CE7F417@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3621-1
Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.9 , bci/bci-minimal:latest
Container Release : 13.9
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216378 CVE-2023-4039 CVE-2023-45853
-----------------------------------------------------------------

The container bci/bci-minimal was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libz1-1.2.13-150500.4.3.1 updated
- container:micro-image-15.5.0-12.3 updated

From sle-updates at lists.suse.com Mon Oct 30 14:49:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 15:49:58 +0100 (CET)
Subject: SUSE-CU-2023:3622-1: Security update of suse/sle15
Message-ID: <20231030144958.EF5A9F417@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3622-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.51 , suse/sle15:15.5 , suse/sle15:15.5.36.5.51
Container Release : 36.5.51
Severity : important
Type : security
References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216268 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. 
  See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack.
  (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4225-1
Released: Fri Oct 27 11:02:14 2023
Summary: Security update for zchunk
Type: security
Severity: important
References: 1216268,CVE-2023-46228

This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files. (bsc#1216268)

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libz1-1.2.13-150500.4.3.1 updated
- libzck1-1.1.16-150400.3.7.1 updated

From sle-updates at lists.suse.com Mon Oct 30 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 16:30:02 -0000
Subject: SUSE-SU-2023:4267-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)
Message-ID: <169868340257.24461.13181679403144377480@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)

Announcement ID: SUSE-SU-2023:4267-1
Rating: important
References:

* bsc#1212934
* bsc#1214812
* bsc#1215118
* bsc#1215440

Cross-References:

* CVE-2023-3390
* CVE-2023-4004
* CVE-2023-4147
* CVE-2023-4623

CVSS scores:

* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues.

The following security issues were fixed:

* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812).
* CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2023-4267=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4267=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_28-default-13-150400.2.3
  * kernel-livepatch-SLE15-SP4_Update_4-debugsource-13-150400.2.3
  * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-13-150400.2.3
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_28-default-13-150400.2.3
  * kernel-livepatch-SLE15-SP4_Update_4-debugsource-13-150400.2.3
  * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-13-150400.2.3

## References:

* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212934
* https://bugzilla.suse.com/show_bug.cgi?id=1214812
* https://bugzilla.suse.com/show_bug.cgi?id=1215118
* https://bugzilla.suse.com/show_bug.cgi?id=1215440

From sle-updates at lists.suse.com Mon Oct 30 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 16:30:05 -0000
Subject: SUSE-RU-2023:4268-1: important: Recommended update for pciutils
Message-ID: <169868340503.24461.15844536486735283559@smelt2.prg2.suse.org>

# Recommended update for pciutils

Announcement ID: SUSE-RU-2023:4268-1
Rating: important
References:

* bsc#1215265

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update for pciutils fixes the following issues:

* Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4268=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4268=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4268=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4268=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4268=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4268=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4268=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4268=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4268=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4268=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-4268=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4268=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4268=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4268=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4268=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4268=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4268=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4268=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4268=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4268=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4268=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4268=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4268=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Manager Proxy 4.2 (x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * 
libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Manager Server 4.2 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * 
libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap 15.3 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * pciutils-devel-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libpci3-64bit-debuginfo-3.5.6-150300.13.6.1 * pciutils-devel-64bit-3.5.6-150300.13.6.1 * libpci3-64bit-3.5.6-150300.13.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap 15.4 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * pciutils-devel-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * openSUSE Leap 15.5 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * pciutils-devel-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Linux 
Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * Basesystem Module 15-SP4 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * Basesystem Module 15-SP5 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * 
libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * pciutils-devel-3.5.6-150300.13.6.1 * pciutils-3.5.6-150300.13.6.1 * libpci3-debuginfo-3.5.6-150300.13.6.1 * pciutils-debuginfo-3.5.6-150300.13.6.1 * libpci3-3.5.6-150300.13.6.1 * pciutils-debugsource-3.5.6-150300.13.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libpci3-32bit-3.5.6-150300.13.6.1 * libpci3-32bit-debuginfo-3.5.6-150300.13.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215265 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Oct 30 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 20:30:02 -0000 Subject: SUSE-SU-2023:4273-1: important: Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5) Message-ID: <169869780219.27732.725438370680985736@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4273-1 Rating: important References: * bsc#1209683 * bsc#1210619 * bsc#1215440 Cross-References: * CVE-2023-1281 * CVE-2023-1829 * CVE-2023-4623 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. 

## Description:

This update for the Linux Kernel 4.12.14-122_176 fixes several issues.

The following security issues were fixed:

* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4273=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_176-default-2-2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-1281.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209683
* https://bugzilla.suse.com/show_bug.cgi?id=1210619
* https://bugzilla.suse.com/show_bug.cgi?id=1215440

From sle-updates at lists.suse.com Mon Oct 30 20:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Oct 2023 20:30:07 -0000
Subject: SUSE-SU-2023:3563-3: moderate: Security update for icu73_2
Message-ID: <169869780700.27732.16866059640448386848@smelt2.prg2.suse.org>

# Security update for icu73_2

Announcement ID: SUSE-SU-2023:3563-3
Rating: moderate
References:

* bsc#1030253
* bsc#1095425
* bsc#1103893
* bsc#1112183
* bsc#1146907
* bsc#1158955
* bsc#1159131
* bsc#1161007
* bsc#1162882
* bsc#1166844
* bsc#1167603
* bsc#1182252
* bsc#1182645
* bsc#1192935
* bsc#1193951
* bsc#354372
* bsc#437293
* bsc#824262
* jsc#PED-4917
* jsc#SLE-11118

Cross-References:

* CVE-2020-10531
* CVE-2020-21913

CVSS scores:

* CVE-2020-10531 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-10531 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-21913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-21913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap Micro 5.2
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed.

## Description:

This update for icu73_2 fixes the following issues:

* Update to release 73.2
* CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005.
* fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
* Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
* Update to release 72.1
* Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed.
* bump library packagename to libicu71 to match the version.
* update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish".
* time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
* ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
* Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
* ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
* Update to release 69.1
* CLDR 39
* For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal()
* Backport ICU-21366 (bsc#1182645)
* Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
* Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361

Update to release 68.1:

* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
* Add the provides for libicu to Make .Net core can install successfully.
  (bsc#1167603, bsc#1161007)

Update to version 67.1:

* Unicode 13 (ICU-20893, same as in ICU 66)
* Total of 5930 new characters
* 4 new scripts
* 55 new emoji characters, plus additional new sequences
* New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
* New language at Modern coverage: Nigerian Pidgin
* New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese
* Region containment: EU no longer includes GB
* Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper "and"/"or" form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073)
* Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).

Update to version 66.1:

* Unicode 13 support
* Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type.
  (ICU-20972)
* use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913).
* Remove /usr/lib(64)/icu/current [bsc#1158955].

Update to release 65.1 (jsc#SLE-11118):

* Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3563=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3563=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3563=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3563=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3563=1
* openSUSE Leap Micro 5.2
  zypper in -t patch SUSE-2023-3563=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3563=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3563=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3563=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-3563=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3563=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-3563=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3563=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3563=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3563=1

## Package List:

* SUSE Manager Retail Branch Server 4.2 (x86_64) *
libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Server 4.2 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * openSUSE Leap Micro 5.2 (aarch64 ppc64le s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * openSUSE Leap Micro 5.2 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * openSUSE Leap Micro 5.3 
(aarch64 ppc64le s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * openSUSE Leap Micro 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * openSUSE Leap Micro 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libicu73_2-73.2-150000.1.3.1 * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * Basesystem Module 15-SP4 (aarch64 
ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * Basesystem Module 15-SP4 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * Basesystem Module 15-SP5 (noarch) * libicu73_2-bedata-73.2-150000.1.3.1 * libicu73_2-ledata-73.2-150000.1.3.1 * SUSE Manager Proxy 4.2 (x86_64) * libicu73_2-debuginfo-73.2-150000.1.3.1 * icu73_2-debuginfo-73.2-150000.1.3.1 * libicu73_2-73.2-150000.1.3.1 * icu73_2-debugsource-73.2-150000.1.3.1 * libicu73_2-devel-73.2-150000.1.3.1 * libicu73_2-doc-73.2-150000.1.3.1 * SUSE Manager Proxy 4.2 (noarch) * libicu73_2-ledata-73.2-150000.1.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-10531.html * https://www.suse.com/security/cve/CVE-2020-21913.html * https://bugzilla.suse.com/show_bug.cgi?id=1030253 * https://bugzilla.suse.com/show_bug.cgi?id=1095425 * https://bugzilla.suse.com/show_bug.cgi?id=1103893 * https://bugzilla.suse.com/show_bug.cgi?id=1112183 * https://bugzilla.suse.com/show_bug.cgi?id=1146907 * https://bugzilla.suse.com/show_bug.cgi?id=1158955 * https://bugzilla.suse.com/show_bug.cgi?id=1159131 * https://bugzilla.suse.com/show_bug.cgi?id=1161007 * https://bugzilla.suse.com/show_bug.cgi?id=1162882 * https://bugzilla.suse.com/show_bug.cgi?id=1166844 * https://bugzilla.suse.com/show_bug.cgi?id=1167603 * https://bugzilla.suse.com/show_bug.cgi?id=1182252 * https://bugzilla.suse.com/show_bug.cgi?id=1182645 * https://bugzilla.suse.com/show_bug.cgi?id=1192935 * https://bugzilla.suse.com/show_bug.cgi?id=1193951 * 
https://bugzilla.suse.com/show_bug.cgi?id=354372 * https://bugzilla.suse.com/show_bug.cgi?id=437293 * https://bugzilla.suse.com/show_bug.cgi?id=824262 * https://jira.suse.com/browse/PED-4917 * https://jira.suse.com/browse/SLE-11118
From sle-updates at lists.suse.com Mon Oct 30 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4272-1: important: Security update for xorg-x11-server Message-ID: <169869780980.27732.8283627362664388071@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4272-1 Rating: important References: * bsc#1216133 * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5380 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5380 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5380 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
* CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4272=1 openSUSE-SLE-15.5-2023-4272=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4272=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4272=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-source-21.1.4-150500.7.7.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.7.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-sdk-21.1.4-150500.7.7.1 * xorg-x11-server-extra-21.1.4-150500.7.7.1 * xorg-x11-server-debugsource-21.1.4-150500.7.7.1 * xorg-x11-server-21.1.4-150500.7.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-Xvfb-21.1.4-150500.7.7.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.7.1 * xorg-x11-server-extra-21.1.4-150500.7.7.1 * xorg-x11-server-debugsource-21.1.4-150500.7.7.1 * xorg-x11-server-21.1.4-150500.7.7.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-21.1.4-150500.7.7.1 * xorg-x11-server-debugsource-21.1.4-150500.7.7.1 * xorg-x11-server-debuginfo-21.1.4-150500.7.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5380.html * https://www.suse.com/security/cve/CVE-2023-5574.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1216133 * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261
From sle-updates at lists.suse.com Mon Oct 30 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 20:30:12 -0000 Subject: SUSE-SU-2023:4271-1: important: Security update for gstreamer-plugins-bad Message-ID: <169869781224.27732.10290414971720502400@smelt2.prg2.suse.org> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:4271-1 Rating: important References: * bsc#1215793 Cross-References: * CVE-2023-40474 CVSS scores: * CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4271=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4271=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4271=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4271=1 ## Package List: * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.6.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-1.22.0-150500.3.6.1 * libgstva-1_0-0-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.6.1 * 
libgsturidownloader-1_0-0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-1.22.0-150500.3.6.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.6.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.6.1 * libgstisoff-1_0-0-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.6.1 * Desktop Applications Module 15-SP5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.6.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-1.22.0-150500.3.6.1 * libgstva-1_0-0-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-devel-1.22.0-150500.3.6.1 * libgstplay-1_0-0-1.22.0-150500.3.6.1 * 
gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.6.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.6.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.6.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-1.22.0-150500.3.6.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.6.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-1.22.0-150500.3.6.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.6.1 * gstreamer-transcoder-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-1.22.0-150500.3.6.1 * gstreamer-transcoder-devel-1.22.0-150500.3.6.1 * 
libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.6.1 * libgstisoff-1_0-0-1.22.0-150500.3.6.1 * gstreamer-transcoder-debuginfo-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.6.1 * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.6.1 * openSUSE Leap 15.5 (x86_64) * libgstisoff-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-32bit-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstva-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-32bit-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-32bit-1.22.0-150500.3.6.1 * 
libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-32bit-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.6.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libgstva-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstisoff-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstsctp-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-64bit-1.22.0-150500.3.6.1 * 
gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-64bit-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.6.1 * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.6.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstwayland-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-64bit-1.22.0-150500.3.6.1 * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstplayer-1_0-0-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.6.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-1.22.0-150500.3.6.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.6.1 * libgstplay-1_0-0-1.22.0-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40474.html * https://bugzilla.suse.com/show_bug.cgi?id=1215793
From sle-updates at lists.suse.com Mon Oct 30 20:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 20:30:20 -0000 Subject: SUSE-SU-2023:4270-1: moderate: Security update for poppler Message-ID: <169869782066.27732.7130322569651915338@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4270-1 Rating: moderate References: * bsc#1128114 * bsc#1214726 Cross-References: * CVE-2019-9545 * CVE-2022-37052 CVSS scores: * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4270=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-0.62.0-150000.4.31.1 * libpoppler73-debuginfo-0.62.0-150000.4.31.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-debuginfo-0.62.0-150000.4.31.1 * libpoppler73-32bit-0.62.0-150000.4.31.1 ## References: * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1214726
From sle-updates at lists.suse.com Mon Oct 30 20:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Oct 2023 20:30:27 -0000 Subject: SUSE-SU-2023:4269-1: important: Security update for xorg-x11-server Message-ID: <169869782799.27732.16311439840259999393@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4269-1 Rating: important References: * bsc#1216133 * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5380 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5380 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5380 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4269=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4269=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4269=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4269=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.19.6-10.56.1 * xorg-x11-server-sdk-1.19.6-10.56.1 * xorg-x11-server-debuginfo-1.19.6-10.56.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * xorg-x11-server-extra-1.19.6-10.56.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.56.1 * xorg-x11-server-1.19.6-10.56.1 * xorg-x11-server-debuginfo-1.19.6-10.56.1 * xorg-x11-server-debugsource-1.19.6-10.56.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-1.19.6-10.56.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.56.1 * xorg-x11-server-1.19.6-10.56.1 * xorg-x11-server-debuginfo-1.19.6-10.56.1 * xorg-x11-server-debugsource-1.19.6-10.56.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * xorg-x11-server-extra-1.19.6-10.56.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.56.1 * xorg-x11-server-1.19.6-10.56.1 * xorg-x11-server-debuginfo-1.19.6-10.56.1 * xorg-x11-server-debugsource-1.19.6-10.56.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5380.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216133 * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261
From sle-updates at lists.suse.com Tue Oct 31 08:02:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 09:02:43 +0100 (CET) Subject: SUSE-CU-2023:3624-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231031080243.A6CB4F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3624-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.247 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.247 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216268 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed handling of overflow errors in malformed zchunk files.
(bsc#1216268) The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libz1-1.2.11-150000.3.48.1 updated - libzck1-1.1.16-150400.3.7.1 updated - container:sles15-image-15.0.0-27.14.115 updated From sle-updates at lists.suse.com Tue Oct 31 08:03:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 09:03:32 +0100 (CET) Subject: SUSE-CU-2023:3626-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231031080332.51E36F417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3626-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.144 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.144 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216268 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files.
(bsc#1216268) The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libz1-1.2.11-150000.3.48.1 updated - libzck1-1.1.16-150400.3.7.1 updated - container:sles15-image-15.0.0-27.14.115 updated From sle-updates at lists.suse.com Tue Oct 31 08:03:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 09:03:42 +0100 (CET) Subject: SUSE-CU-2023:3627-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231031080342.3BA9EF417@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3627-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.89 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.89 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216268 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-46228 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4225-1 Released: Fri Oct 27 11:02:14 2023 Summary: Security update for zchunk Type: security Severity: important References: 1216268,CVE-2023-46228 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed handle overflow errors in malformed zchunk files.
(bsc#1216268) The following package changes have been done: - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - libz1-1.2.13-150500.4.3.1 updated - libzck1-1.1.16-150400.3.7.1 updated - container:sles15-image-15.0.0-36.5.51 updated From sle-updates at lists.suse.com Tue Oct 31 08:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 08:30:43 -0000 Subject: SUSE-SU-2023:4285-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP4) Message-ID: <169874104388.10475.14081577887745598069@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4285-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * 
SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_41 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4282=1 SUSE-2023-4285=1 SUSE-2023-4283=1 SUSE-2023-4284=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4282=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4285=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4283=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4284=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4281=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4281=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_63-default-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_38-default-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-10-150400.2.3 * kernel-livepatch-5_14_21-150400_24_60-default-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_11-debugsource-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-10-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-10-150400.2.3 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_63-default-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_38-default-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-10-150400.2.3 * 
kernel-livepatch-5_14_21-150400_24_60-default-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_11-debugsource-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-7-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-10-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-10-150400.2.3 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-7-150300.2.2 * kernel-livepatch-SLE15-SP3_Update_32-debugsource-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_121-default-debuginfo-7-150300.2.2 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_121-preempt-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_121-preempt-debuginfo-7-150300.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-7-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Tue Oct 31 08:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 08:30:46 -0000 Subject: SUSE-SU-2023:4280-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP1) Message-ID: <169874104663.10475.12272811189222270758@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4280-1 Rating: important References: * bsc#1209683 * bsc#1210619 * bsc#1215440 Cross-References: * CVE-2023-1281 * CVE-2023-1829 * CVE-2023-4623 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_157 fixes several issues. The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4280=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_157-default-2-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210619 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 From sle-updates at lists.suse.com Tue Oct 31 08:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 08:30:48 -0000 Subject: SUSE-SU-2023:4279-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP2) Message-ID: <169874104896.10475.546532425771687919@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:4279-1 Rating: important References: * bsc#1212934 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_145 fixes several issues.
The following security issues were fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-4279=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_145-default-8-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-8-150200.2.1 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-8-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Tue Oct 31 08:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 08:30:51 -0000 Subject: SUSE-SU-2023:4278-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Message-ID: <169874105107.10475.8890639206314150928@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:4278-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_134 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4278=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4277=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4276=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4274=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-4275=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_148-default-5-150100.2.2 * kernel-livepatch-4_12_14-150100_197_134-default-9-150100.2.3 * kernel-livepatch-4_12_14-150100_197_142-default-7-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-12-150100.2.3 * kernel-livepatch-4_12_14-150100_197_145-default-7-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 From sle-updates at lists.suse.com Tue Oct 31 08:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 08:30:52 -0000 Subject: SUSE-RU-2023:4286-1: moderate: Recommended update for nbdkit Message-ID: <169874105282.10475.7865280757842953512@smelt2.prg2.suse.org> # Recommended update for nbdkit Announcement ID: SUSE-RU-2023:4286-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that can now be installed.
## Description: This update for nbdkit fixes the following issues: * Update to version 1.36.1: * python: Document nbdkit.disconnect(force) helper function * python: List helper functions in alphabetical order * python: Clarify possible handle values returned by open() method * tests: Fix incorrect comment in tests * docs: Remove references to -U - when it is implicit * evil: Fix typo in man page * tests: Rename test-curl-options.sh and add more tests * docs: Finalize release notes for release tomorrow * curl: Use new curl_multi_get_handles API to simplify code * curl: Store pointer from curl easy handle to our struct curl_handle * README: Recommend new syntax for ASAN_OPTIONS * fuzzing/README: Remove advice to set ASAN_OPTIONS * docs: Small tweaks to the release notes * docs: Add outline release notes for forthcoming nbdkit 1.36 * tests: Add some consistency checks of the tests themselves * tests/test-evil-cosmic.sh: Use requires_nbdcopy * tests/test-nozero.sh: Test uses nbdsh -u but does not declare requirement * tests: Fix a couple more tests that are missing requires_run * docs: Expand Network Block Device (for NBD) in title ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4286=1 openSUSE-SLE-15.4-2023-4286=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4286=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * nbdkit-xz-filter-debuginfo-1.36.1-150400.3.6.1 * nbdkit-curl-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-basic-plugins-debuginfo-1.36.1-150400.3.6.1 * nbdkit-server-1.36.1-150400.3.6.1 * nbdkit-tmpdisk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-python-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-1.36.1-150400.3.6.1 * nbdkit-debugsource-1.36.1-150400.3.6.1 * nbdkit-gzip-filter-debuginfo-1.36.1-150400.3.6.1 * nbdkit-example-plugins-1.36.1-150400.3.6.1 * nbdkit-tmpdisk-plugin-1.36.1-150400.3.6.1 * nbdkit-curl-plugin-1.36.1-150400.3.6.1 * nbdkit-tar-filter-1.36.1-150400.3.6.1 * nbdkit-xz-filter-1.36.1-150400.3.6.1 * nbdkit-linuxdisk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-server-debuginfo-1.36.1-150400.3.6.1 * nbdkit-ssh-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-example-plugins-debuginfo-1.36.1-150400.3.6.1 * nbdkit-basic-filters-1.36.1-150400.3.6.1 * nbdkit-ssh-plugin-1.36.1-150400.3.6.1 * nbdkit-basic-filters-debuginfo-1.36.1-150400.3.6.1 * nbdkit-devel-1.36.1-150400.3.6.1 * nbdkit-linuxdisk-plugin-1.36.1-150400.3.6.1 * nbdkit-debuginfo-1.36.1-150400.3.6.1 * nbdkit-nbd-plugin-1.36.1-150400.3.6.1 * nbdkit-python-plugin-1.36.1-150400.3.6.1 * nbdkit-nbd-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-basic-plugins-1.36.1-150400.3.6.1 * nbdkit-gzip-filter-1.36.1-150400.3.6.1 * nbdkit-tar-filter-debuginfo-1.36.1-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * nbdkit-bash-completion-1.36.1-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * nbdkit-vddk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-vddk-plugin-1.36.1-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nbdkit-xz-filter-debuginfo-1.36.1-150400.3.6.1 * nbdkit-curl-plugin-debuginfo-1.36.1-150400.3.6.1 
* nbdkit-basic-plugins-debuginfo-1.36.1-150400.3.6.1 * nbdkit-server-1.36.1-150400.3.6.1 * nbdkit-tmpdisk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-python-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-1.36.1-150400.3.6.1 * nbdkit-debugsource-1.36.1-150400.3.6.1 * nbdkit-gzip-filter-debuginfo-1.36.1-150400.3.6.1 * nbdkit-example-plugins-1.36.1-150400.3.6.1 * nbdkit-tmpdisk-plugin-1.36.1-150400.3.6.1 * nbdkit-curl-plugin-1.36.1-150400.3.6.1 * nbdkit-tar-filter-1.36.1-150400.3.6.1 * nbdkit-xz-filter-1.36.1-150400.3.6.1 * nbdkit-linuxdisk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-server-debuginfo-1.36.1-150400.3.6.1 * nbdkit-ssh-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-example-plugins-debuginfo-1.36.1-150400.3.6.1 * nbdkit-basic-filters-1.36.1-150400.3.6.1 * nbdkit-ssh-plugin-1.36.1-150400.3.6.1 * nbdkit-basic-filters-debuginfo-1.36.1-150400.3.6.1 * nbdkit-devel-1.36.1-150400.3.6.1 * nbdkit-linuxdisk-plugin-1.36.1-150400.3.6.1 * nbdkit-debuginfo-1.36.1-150400.3.6.1 * nbdkit-nbd-plugin-1.36.1-150400.3.6.1 * nbdkit-python-plugin-1.36.1-150400.3.6.1 * nbdkit-nbd-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-basic-plugins-1.36.1-150400.3.6.1 * nbdkit-gzip-filter-1.36.1-150400.3.6.1 * nbdkit-tar-filter-debuginfo-1.36.1-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * nbdkit-bash-completion-1.36.1-150400.3.6.1 * openSUSE Leap 15.5 (x86_64) * nbdkit-vddk-plugin-debuginfo-1.36.1-150400.3.6.1 * nbdkit-vddk-plugin-1.36.1-150400.3.6.1
From sle-updates at lists.suse.com Tue Oct 31 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:04 -0000 Subject: SUSE-SU-2023:4301-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4) Message-ID: <169875540446.7875.11222285360307986669@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4301-1 Rating: important References: * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_81 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4301=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4301=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_81-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-3-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_81-default-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-3-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:08 -0000 Subject: SUSE-SU-2023:4300-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Message-ID: <169875540832.7875.16790955808120207517@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4300-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_147 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4300=1 SUSE-SLE-Live-Patching-12-SP5-2023-4298=1 SUSE-SLE-Live-Patching-12-SP5-2023-4299=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4305=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-9-2.3 * kgraft-patch-4_12_14-122_156-default-7-2.2 * kgraft-patch-4_12_14-122_144-default-10-2.3 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-10-150100.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:11 -0000 Subject: SUSE-SU-2023:4306-1: important: Security update for xwayland Message-ID: <169875541104.7875.10128554416768320727@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4306-1 Rating: important References: * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves two vulnerabilities can now be 
installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4306=1 openSUSE-SLE-15.5-2023-4306=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4306=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xwayland-22.1.5-150500.7.5.1 * xwayland-debuginfo-22.1.5-150500.7.5.1 * xwayland-debugsource-22.1.5-150500.7.5.1 * xwayland-devel-22.1.5-150500.7.5.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xwayland-22.1.5-150500.7.5.1 * xwayland-debuginfo-22.1.5-150500.7.5.1 * xwayland-debugsource-22.1.5-150500.7.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:14 -0000 Subject: SUSE-RU-2023:4304-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <169875541461.7875.4725804195579623795@smelt2.prg2.suse.org> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2023:4304-1 Rating: moderate References: * bsc#1214801 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * 
SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Update to version 10.1.3 (bsc#1214801): * Fixes an issue when it is unable to register a 'payg' instance. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4304=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4304=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4304=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4304=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4304=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4304=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4304=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4304=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4304=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-4304=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-4304=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-4304=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4304=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4304=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * 
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * openSUSE Leap Micro 5.4 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * openSUSE Leap 15.4 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * openSUSE Leap 15.5 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * 
cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * Public Cloud Module 15-SP1 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * Public Cloud Module 15-SP2 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * Public Cloud Module 15-SP3 (noarch) * 
cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * Public Cloud Module 15-SP4 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 * Public Cloud Module 15-SP5 (noarch) * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1 * cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1 * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1 * cloud-regionsrv-client-10.1.3-150000.6.99.1 * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214801 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:16 -0000 Subject: SUSE-RU-2023:4303-1: moderate: Recommended update for timezone Message-ID: <169875541656.7875.11949750058167981902@smelt2.prg2.suse.org> # Recommended update for timezone Announcement ID: SUSE-RU-2023:4303-1 Rating: moderate References: * jsc#PED-5565 Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that contains one feature can now be installed. ## Description: * This update has no source changes just adding the timezone package to the LTSS Extreme Core channel. 
(jsc#PED-5565) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4303=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-4303=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * timezone-2023c-0.52.45.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (noarch) * timezone-java-2023c-0.52.45.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * timezone-2023c-0.52.45.1 * SUSE Linux Enterprise Server 11 SP4 (noarch) * timezone-java-2023c-0.52.45.1 ## References: * https://jira.suse.com/browse/PED-5565 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:18 -0000 Subject: SUSE-SU-2023:4302-1: important: Security update for MozillaThunderbird Message-ID: <169875541836.7875.5832259859522578543@smelt2.prg2.suse.org> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:4302-1 Rating: important References: * bsc#1216338 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( SUSE ): 6.1 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: * Updated to version 115.4.1: * CVE-2023-5721: Fixed a potential clickjack via queued up rendering. * CVE-2023-5732: Fixed an address bar spoofing via bidirectional characters. * CVE-2023-5724: Fixed a crash due to a large WebGL draw. * CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs. * CVE-2023-5726: Fixed an issue where fullscreen notifications would be obscured by the file open dialog on macOS. * CVE-2023-5727: Fixed a download protection bypass on Windows. * CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in the JavaScript engine. * CVE-2023-5730: Fixed multiple memory safety issues. 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4302=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4302=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4302=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4302=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4302=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4302=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * 
MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-common-115.4.1-150200.8.136.1 * MozillaThunderbird-translations-other-115.4.1-150200.8.136.1 * MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1 * MozillaThunderbird-debugsource-115.4.1-150200.8.136.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:21 -0000 Subject: SUSE-SU-2023:4297-1: important: Security update for clamav Message-ID: <169875542136.7875.11138834314745029745@smelt2.prg2.suse.org> # Security update for clamav Announcement ID: SUSE-SU-2023:4297-1 Rating: important References: * bsc#1216625 Cross-References: * CVE-2023-40477 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for clamav fixes the following issues: * Updated to version 0.103.11: * CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 (bsc#1216625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4297=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4297=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4297=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * clamav-debugsource-0.103.11-3.30.1 * clamav-0.103.11-3.30.1 * clamav-debuginfo-0.103.11-3.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * clamav-debugsource-0.103.11-3.30.1 * clamav-0.103.11-3.30.1 * clamav-debuginfo-0.103.11-3.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * clamav-debugsource-0.103.11-3.30.1 * clamav-0.103.11-3.30.1 * clamav-debuginfo-0.103.11-3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40477.html * https://bugzilla.suse.com/show_bug.cgi?id=1216625 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:24 -0000 Subject: SUSE-SU-2023:4295-1: important: Security update for nodejs10 Message-ID: <169875542452.7875.5016163292720636473@smelt2.prg2.suse.org> # Security update for nodejs10 Announcement ID: SUSE-SU-2023:4295-1 Rating: important References: * bsc#1216190 Cross-References: * CVE-2023-44487 CVSS scores: * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs10 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4295=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4295=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4295=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4295=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4295=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4295=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4295=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * openSUSE Leap 15.4 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 
* nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 * SUSE CaaS Platform 4.0 (x86_64) * npm10-10.24.1-150000.1.62.3 * nodejs10-debuginfo-10.24.1-150000.1.62.3 * nodejs10-debugsource-10.24.1-150000.1.62.3 * nodejs10-devel-10.24.1-150000.1.62.3 * nodejs10-10.24.1-150000.1.62.3 * SUSE CaaS Platform 4.0 (noarch) * nodejs10-docs-10.24.1-150000.1.62.3 ## References: * https://www.suse.com/security/cve/CVE-2023-44487.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:29 -0000 Subject: SUSE-SU-2023:4294-1: important: Security update for webkit2gtk3 Message-ID: <169875542931.7875.263349765919811193@smelt2.prg2.suse.org> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4294-1 Rating: important References: * bsc#1214093 * bsc#1214640 * bsc#1214835 * bsc#1215072 * bsc#1215661 * bsc#1215866 * bsc#1215867 * bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1216483 Cross-References: * CVE-2023-35074 * CVE-2023-39434 * CVE-2023-39928 * CVE-2023-40451 * CVE-2023-41074 * CVE-2023-41993 CVSS scores: * CVE-2023-35074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-35074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39434 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41074 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-41993 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2023-41993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 
SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves six vulnerabilities and has five security fixes can now be installed. ## Description: This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5. Security fixes: * CVE-2023-41993: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215661). * CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). * CVE-2023-41074: Fixed an issue where processing malicious web content could have led to arbitrary code execution (bsc#1215870). Other fixes: * Fixed missing package dependencies (bsc#1215072). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4294=1 openSUSE-SLE-15.4-2023-4294=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4294=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4294=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4294=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4294=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4294=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4294=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4294=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.57.2 * WebKitGTK-6.0-lang-2.42.1-150400.4.57.3 * WebKitGTK-4.1-lang-2.42.1-150400.4.57.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2 * webkit2gtk4-minibrowser-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3 * webkit2gtk3-devel-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-6.0-2.42.1-150400.4.57.3 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.57.3 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2 * webkit2gtk4-minibrowser-2.42.1-150400.4.57.3 * webkit-jsc-4-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit-6_0-2.42.1-150400.4.57.3 * 
libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.57.3 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2 * webkit2gtk4-devel-2.42.1-150400.4.57.3 * webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.57.2 * webkit-jsc-4-2.42.1-150400.4.57.2 * webkit2gtk3-debugsource-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-2.42.1-150400.4.57.3 * libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-4.1-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2 * webkit2gtk3-minibrowser-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2 * webkit2gtk4-debugsource-2.42.1-150400.4.57.3 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-6.0-debuginfo-2.42.1-150400.4.57.3 * webkit-jsc-4.1-2.42.1-150400.4.57.2 * webkit2gtk3-minibrowser-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.1-150400.4.57.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.57.2 * 
libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.57.2 * openSUSE Leap 15.5 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.57.2 * WebKitGTK-6.0-lang-2.42.1-150400.4.57.3 * WebKitGTK-4.1-lang-2.42.1-150400.4.57.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2 * webkit2gtk4-minibrowser-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3 * webkit2gtk3-devel-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-6.0-2.42.1-150400.4.57.3 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.57.3 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2 * webkit2gtk4-minibrowser-2.42.1-150400.4.57.3 * webkit-jsc-4-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit-6_0-2.42.1-150400.4.57.3 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.57.3 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2 * webkit2gtk4-devel-2.42.1-150400.4.57.3 * webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.57.2 * webkit-jsc-4-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2 * webkit2gtk3-debugsource-2.42.1-150400.4.57.2 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3 * 
typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-2.42.1-150400.4.57.3 * libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-4.1-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2 * webkit2gtk3-minibrowser-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2 * webkit2gtk4-debugsource-2.42.1-150400.4.57.3 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.57.2 * webkit-jsc-6.0-debuginfo-2.42.1-150400.4.57.3 * webkit-jsc-4.1-2.42.1-150400.4.57.2 * webkit2gtk3-minibrowser-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.57.2 * openSUSE Leap 15.5 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.57.2 * Basesystem 
Module 15-SP4 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.57.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.1-150400.4.57.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2 * webkit2gtk3-soup2-debugsource-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.1-150400.4.57.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.1-150400.4.57.2 * webkit2gtk3-devel-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * 
webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.1-150400.4.57.2 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.1-150400.4.57.2 * webkit2gtk3-devel-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2 * webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.1-150400.4.57.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.1-150400.4.57.2 * typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2 * typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.57.3 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3 * webkit2gtk4-debugsource-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.57.3 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-2.42.1-150400.4.57.3 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.1-150400.4.57.3 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.1-150400.4.57.3 * libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3 * webkit2gtk4-debugsource-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-debuginfo-2.42.1-150400.4.57.3 * webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3 * libwebkitgtk-6_0-4-2.42.1-150400.4.57.3 ## References: * https://www.suse.com/security/cve/CVE-2023-35074.html * https://www.suse.com/security/cve/CVE-2023-39434.html * 
https://www.suse.com/security/cve/CVE-2023-39928.html * https://www.suse.com/security/cve/CVE-2023-40451.html * https://www.suse.com/security/cve/CVE-2023-41074.html * https://www.suse.com/security/cve/CVE-2023-41993.html * https://bugzilla.suse.com/show_bug.cgi?id=1214093 * https://bugzilla.suse.com/show_bug.cgi?id=1214640 * https://bugzilla.suse.com/show_bug.cgi?id=1214835 * https://bugzilla.suse.com/show_bug.cgi?id=1215072 * https://bugzilla.suse.com/show_bug.cgi?id=1215661 * https://bugzilla.suse.com/show_bug.cgi?id=1215866 * https://bugzilla.suse.com/show_bug.cgi?id=1215867 * https://bugzilla.suse.com/show_bug.cgi?id=1215868 * https://bugzilla.suse.com/show_bug.cgi?id=1215869 * https://bugzilla.suse.com/show_bug.cgi?id=1215870 * https://bugzilla.suse.com/show_bug.cgi?id=1216483 From sle-updates at lists.suse.com Tue Oct 31 12:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:33 -0000 Subject: SUSE-SU-2023:4293-1: important: Security update for xwayland Message-ID: <169875543385.7875.16122280433694428486@smelt2.prg2.suse.org> # Security update for xwayland Announcement ID: SUSE-SU-2023:4293-1 Rating: important References: * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves two vulnerabilities can now be installed.
## Description: This update for xwayland fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4293=1 openSUSE-SLE-15.4-2023-4293=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4293=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xwayland-21.1.4-150400.3.20.1 * xwayland-devel-21.1.4-150400.3.20.1 * xwayland-debugsource-21.1.4-150400.3.20.1 * xwayland-debuginfo-21.1.4-150400.3.20.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xwayland-21.1.4-150400.3.20.1 * xwayland-debugsource-21.1.4-150400.3.20.1 * xwayland-debuginfo-21.1.4-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261
From sle-updates at lists.suse.com Tue Oct 31 12:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:38 -0000 Subject: SUSE-SU-2023:4292-1: important: Security update for xorg-x11-server Message-ID: <169875543866.7875.15063965595783988414@smelt2.prg2.suse.org> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2023:4292-1 Rating: important References: * bsc#1216133 * bsc#1216135 * bsc#1216261 Cross-References: * CVE-2023-5367 * CVE-2023-5380 * CVE-2023-5574 CVSS scores: * CVE-2023-5367 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5367 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5380 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5380 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5574 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5574 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). * CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4292=1 openSUSE-SLE-15.4-2023-4292=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4292=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4292=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.29.1 * xorg-x11-server-extra-1.20.3-150400.38.29.1 * xorg-x11-server-debugsource-1.20.3-150400.38.29.1 * xorg-x11-server-sdk-1.20.3-150400.38.29.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.29.1 * xorg-x11-server-1.20.3-150400.38.29.1 * xorg-x11-server-source-1.20.3-150400.38.29.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.29.1 * xorg-x11-server-extra-1.20.3-150400.38.29.1 * xorg-x11-server-debugsource-1.20.3-150400.38.29.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.29.1 * xorg-x11-server-1.20.3-150400.38.29.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-1.20.3-150400.38.29.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.29.1 * xorg-x11-server-debugsource-1.20.3-150400.38.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5367.html * https://www.suse.com/security/cve/CVE-2023-5380.html * https://www.suse.com/security/cve/CVE-2023-5574.html * https://bugzilla.suse.com/show_bug.cgi?id=1216133 * https://bugzilla.suse.com/show_bug.cgi?id=1216135 * https://bugzilla.suse.com/show_bug.cgi?id=1216261
From sle-updates at lists.suse.com Tue Oct 31 12:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:41 -0000 Subject: SUSE-SU-2023:4291-1: moderate: Security update for poppler Message-ID: <169875544179.7875.8334385305443094496@smelt2.prg2.suse.org> # Security update for poppler Announcement ID: SUSE-SU-2023:4291-1 Rating: moderate References: * bsc#1213888 Cross-References: * CVE-2023-34872 CVSS scores: * CVE-2023-34872 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34872 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc. (bsc#1213888) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4291=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4291=1 openSUSE-SLE-15.5-2023-4291=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4291=1 ## Package List: * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * poppler-debugsource-23.01.0-150500.3.5.2 * libpoppler-cpp0-23.01.0-150500.3.5.2 * poppler-qt5-debugsource-23.01.0-150500.3.5.1 * libpoppler-qt5-1-debuginfo-23.01.0-150500.3.5.1 * libpoppler-qt5-devel-23.01.0-150500.3.5.1 * libpoppler-qt5-1-23.01.0-150500.3.5.1 * libpoppler-devel-23.01.0-150500.3.5.2 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.5.2 * SUSE Package Hub 15 15-SP5 (x86_64) * libpoppler-glib8-32bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler126-32bit-23.01.0-150500.3.5.2 * libpoppler126-32bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler-glib8-32bit-23.01.0-150500.3.5.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libpoppler-glib-devel-23.01.0-150500.3.5.2 * poppler-tools-debuginfo-23.01.0-150500.3.5.2 * libpoppler-glib8-23.01.0-150500.3.5.2 * libpoppler126-debuginfo-23.01.0-150500.3.5.2 * poppler-tools-23.01.0-150500.3.5.2 * libpoppler-qt6-3-23.01.0-150500.3.5.1 * poppler-debugsource-23.01.0-150500.3.5.2 * libpoppler-cpp0-23.01.0-150500.3.5.2 * poppler-qt5-debugsource-23.01.0-150500.3.5.1 * libpoppler-glib8-debuginfo-23.01.0-150500.3.5.2 * libpoppler-qt5-1-debuginfo-23.01.0-150500.3.5.1 * libpoppler-qt5-devel-23.01.0-150500.3.5.1 * typelib-1_0-Poppler-0_18-23.01.0-150500.3.5.2 * libpoppler-qt6-3-debuginfo-23.01.0-150500.3.5.1 * libpoppler-qt6-devel-23.01.0-150500.3.5.1 * libpoppler126-23.01.0-150500.3.5.2 * poppler-qt6-debugsource-23.01.0-150500.3.5.1 * libpoppler-qt5-1-23.01.0-150500.3.5.1 * libpoppler-devel-23.01.0-150500.3.5.2 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.5.2 * openSUSE Leap 15.5 (x86_64) * 
libpoppler-qt5-1-32bit-debuginfo-23.01.0-150500.3.5.1 * libpoppler-glib8-32bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler126-32bit-23.01.0-150500.3.5.2 * libpoppler-cpp0-32bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler126-32bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler-glib8-32bit-23.01.0-150500.3.5.2 * libpoppler-qt5-1-32bit-23.01.0-150500.3.5.1 * libpoppler-cpp0-32bit-23.01.0-150500.3.5.2 * openSUSE Leap 15.5 (aarch64_ilp32) * libpoppler126-64bit-23.01.0-150500.3.5.2 * libpoppler-cpp0-64bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler126-64bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler-qt5-1-64bit-debuginfo-23.01.0-150500.3.5.1 * libpoppler-glib8-64bit-debuginfo-23.01.0-150500.3.5.2 * libpoppler-glib8-64bit-23.01.0-150500.3.5.2 * libpoppler-cpp0-64bit-23.01.0-150500.3.5.2 * libpoppler-qt5-1-64bit-23.01.0-150500.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-glib-devel-23.01.0-150500.3.5.2 * poppler-tools-debuginfo-23.01.0-150500.3.5.2 * libpoppler-glib8-23.01.0-150500.3.5.2 * libpoppler126-debuginfo-23.01.0-150500.3.5.2 * poppler-tools-23.01.0-150500.3.5.2 * poppler-debugsource-23.01.0-150500.3.5.2 * libpoppler-cpp0-23.01.0-150500.3.5.2 * libpoppler-glib8-debuginfo-23.01.0-150500.3.5.2 * typelib-1_0-Poppler-0_18-23.01.0-150500.3.5.2 * libpoppler126-23.01.0-150500.3.5.2 * libpoppler-devel-23.01.0-150500.3.5.2 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.5.2 ## References: * https://www.suse.com/security/cve/CVE-2023-34872.html * https://bugzilla.suse.com/show_bug.cgi?id=1213888
From sle-updates at lists.suse.com Tue Oct 31 12:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:45 -0000 Subject: SUSE-SU-2023:4290-1: important: Security update for redis Message-ID: <169875544527.7875.17713422472193263855@smelt2.prg2.suse.org> # Security update for redis Announcement ID: SUSE-SU-2023:4290-1 Rating: important References: * bsc#1216376 Cross-References: * CVE-2023-45145 CVSS scores: * CVE-2023-45145 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45145 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4290=1 openSUSE-SLE-15.4-2023-4290=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4290=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4290=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4290=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * redis-debuginfo-6.2.6-150400.3.25.1 * redis-debugsource-6.2.6-150400.3.25.1 * redis-6.2.6-150400.3.25.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.25.1 * redis-debugsource-6.2.6-150400.3.25.1 * redis-6.2.6-150400.3.25.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.25.1 * redis-debugsource-6.2.6-150400.3.25.1 * redis-6.2.6-150400.3.25.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.2.6-150400.3.25.1 * redis-debugsource-6.2.6-150400.3.25.1 * redis-6.2.6-150400.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45145.html * https://bugzilla.suse.com/show_bug.cgi?id=1216376
From sle-updates at lists.suse.com Tue Oct 31 12:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:48 -0000 Subject: SUSE-SU-2023:4289-1: important: Security update for java-17-openjdk Message-ID: <169875544849.7875.3958719493438234366@smelt2.prg2.suse.org> # Security update for java-17-openjdk Announcement ID: SUSE-SU-2023:4289-1 Rating: important References: * bsc#1214790 * bsc#1216339 * bsc#1216374 Cross-References: * CVE-2023-22025 * CVE-2023-22081 CVSS scores: * CVE-2023-22025 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22025 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: * Updated to JDK 17.0.9+9 (October 2023 CPU): * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). * CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339).
Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4289=1 openSUSE-SLE-15.4-2023-4289=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4289=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4289=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4289=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * java-17-openjdk-headless-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-demo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-debugsource-17.0.9.0-150400.3.33.1 * java-17-openjdk-headless-17.0.9.0-150400.3.33.1 * java-17-openjdk-src-17.0.9.0-150400.3.33.1 * java-17-openjdk-jmods-17.0.9.0-150400.3.33.1 * java-17-openjdk-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-17.0.9.0-150400.3.33.1 * java-17-openjdk-17.0.9.0-150400.3.33.1 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.9.0-150400.3.33.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-demo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-debugsource-17.0.9.0-150400.3.33.1 * java-17-openjdk-headless-17.0.9.0-150400.3.33.1 * java-17-openjdk-src-17.0.9.0-150400.3.33.1 * java-17-openjdk-jmods-17.0.9.0-150400.3.33.1 * java-17-openjdk-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-17.0.9.0-150400.3.33.1 * java-17-openjdk-17.0.9.0-150400.3.33.1 * openSUSE Leap 15.5 (noarch) * java-17-openjdk-javadoc-17.0.9.0-150400.3.33.1 * Basesystem Module 15-SP4 (aarch64 
ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-demo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-debugsource-17.0.9.0-150400.3.33.1 * java-17-openjdk-headless-17.0.9.0-150400.3.33.1 * java-17-openjdk-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-17.0.9.0-150400.3.33.1 * java-17-openjdk-17.0.9.0-150400.3.33.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-headless-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-demo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-debugsource-17.0.9.0-150400.3.33.1 * java-17-openjdk-headless-17.0.9.0-150400.3.33.1 * java-17-openjdk-debuginfo-17.0.9.0-150400.3.33.1 * java-17-openjdk-devel-17.0.9.0-150400.3.33.1 * java-17-openjdk-17.0.9.0-150400.3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22025.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1214790 * https://bugzilla.suse.com/show_bug.cgi?id=1216339 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:51 -0000 Subject: SUSE-SU-2023:4288-1: important: Security update for python-Werkzeug Message-ID: <169875545182.7875.11336031606343714796@smelt2.prg2.suse.org> # Security update for python-Werkzeug Announcement ID: SUSE-SU-2023:4288-1 Rating: important References: * bsc#1216581 Cross-References: * CVE-2023-46136 CVSS scores: * CVE-2023-46136 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46136 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-Werkzeug fixes the following issues: * CVE-2023-46136: Fixed a potential denial of service via large multipart file uploads (bsc#1216581). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4288=1 openSUSE-SLE-15.4-2023-4288=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4288=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4288=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4288=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-Werkzeug-2.3.6-150400.6.6.1 * openSUSE Leap 15.5 (noarch) * python311-Werkzeug-2.3.6-150400.6.6.1 * Python 3 Module 15-SP4 (noarch) * python311-Werkzeug-2.3.6-150400.6.6.1 * Python 3 Module 15-SP5 (noarch) * python311-Werkzeug-2.3.6-150400.6.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46136.html * https://bugzilla.suse.com/show_bug.cgi?id=1216581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 12:30:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 12:30:56 -0000 Subject: SUSE-SU-2023:4287-1: important: Security update for gcc13 Message-ID: <169875545695.7875.13685158204616763849@smelt2.prg2.suse.org> # Security update for gcc13 Announcement ID: SUSE-SU-2023:4287-1 Rating: important References: * bsc#1206480 * bsc#1206684 * bsc#1210557 * bsc#1211427 * bsc#1212101 * bsc#1213915 * bsc#1214052 * bsc#1214460 * jsc#PED-153 * jsc#PED-2005 * jsc#PED-252 * jsc#PED-253 * jsc#PED-6584 Cross-References: * CVE-2023-4039 CVSS scores: * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 
12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that solves one vulnerability, contains five features and has seven security fixes can now be installed. ## Description: This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: * install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. * override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) * Turn cross compiler to s390x to a glibc cross. [bsc#1214460] * Also handle -static-pie in the default-PIE specs * Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] * Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] * Add new x86-related intrinsics (amxcomplexintrin.h). 
* RISC-V: Add support for inlining subword atomic operations * Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. * Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. * Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. * Bump included newlib to version 4.3.0. * Also package libhwasan_preinit.o on aarch64. * Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. * Package libhwasan_preinit.o on x86_64. * Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] * Enable PRU flavour for gcc13 * update floatn fixinclude pickup to check each header separately (bsc#1206480) * Redo floatn fixinclude pick-up to simply keep what is there. * Bump libgo SONAME to libgo22. * Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. * Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. * Depend on at least LLVM 13 for GCN cross compiler. * Update embedded newlib to version 4.2.0 * Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-4287=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4287=1 ## Package List: * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc13-13.2.1+git7813-1.6.1 * gcc13-13.2.1+git7813-1.6.1 * gcc13-c++-13.2.1+git7813-1.6.1 * gcc13-PIE-13.2.1+git7813-1.6.1 * gcc13-fortran-13.2.1+git7813-1.6.1 * cpp13-debuginfo-13.2.1+git7813-1.6.1 * gcc13-debuginfo-13.2.1+git7813-1.6.1 * gcc13-debugsource-13.2.1+git7813-1.6.1 * gcc13-locale-13.2.1+git7813-1.6.1 * cpp13-13.2.1+git7813-1.6.1 * gcc13-fortran-debuginfo-13.2.1+git7813-1.6.1 * gcc13-c++-debuginfo-13.2.1+git7813-1.6.1 * Toolchain Module 12 (noarch) * gcc13-info-13.2.1+git7813-1.6.1 * Toolchain Module 12 (s390x x86_64) * gcc13-32bit-13.2.1+git7813-1.6.1 * gcc13-c++-32bit-13.2.1+git7813-1.6.1 * gcc13-fortran-32bit-13.2.1+git7813-1.6.1 * libstdc++6-devel-gcc13-32bit-13.2.1+git7813-1.6.1 * Toolchain Module 12 (x86_64) * cross-nvptx-gcc13-debugsource-13.2.1+git7813-1.6.1 * cross-nvptx-gcc13-13.2.1+git7813-1.6.1 * cross-nvptx-newlib13-devel-13.2.1+git7813-1.6.1 * cross-nvptx-gcc13-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libhwasan0-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * 
libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-13.2.1+git7813-1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * 
libatomic1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64) * libhwasan0-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64) * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 
(ppc64le x86_64) * liblsan0-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-locale-13.2.1+git7813-1.6.1 * libquadmath0-13.2.1+git7813-1.6.1 * libubsan1-13.2.1+git7813-1.6.1 * libubsan1-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-13.2.1+git7813-1.6.1 * libtsan2-13.2.1+git7813-1.6.1 * libgomp1-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-13.2.1+git7813-1.6.1 * libobjc4-13.2.1+git7813-1.6.1 * libobjc4-debuginfo-13.2.1+git7813-1.6.1 * libtsan2-debuginfo-13.2.1+git7813-1.6.1 * libitm1-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-13.2.1+git7813-1.6.1 * libatomic1-debuginfo-13.2.1+git7813-1.6.1 * libasan8-13.2.1+git7813-1.6.1 * liblsan0-13.2.1+git7813-1.6.1 * libitm1-13.2.1+git7813-1.6.1 * libasan8-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-13.2.1+git7813-1.6.1 * libstdc++6-pp-13.2.1+git7813-1.6.1 * libgcc_s1-13.2.1+git7813-1.6.1 * libquadmath0-debuginfo-13.2.1+git7813-1.6.1 * libstdc++6-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-debuginfo-13.2.1+git7813-1.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libstdc++6-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libhwasan0-13.2.1+git7813-1.6.1 * libstdc++6-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgcc_s1-32bit-13.2.1+git7813-1.6.1 * libhwasan0-debuginfo-13.2.1+git7813-1.6.1 * libgomp1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libatomic1-32bit-13.2.1+git7813-1.6.1 * libubsan1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libgfortran5-32bit-debuginfo-13.2.1+git7813-1.6.1 * libobjc4-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-13.2.1+git7813-1.6.1 * libgfortran5-32bit-13.2.1+git7813-1.6.1 * libstdc++6-pp-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-13.2.1+git7813-1.6.1 * libgomp1-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-13.2.1+git7813-1.6.1 * libitm1-32bit-debuginfo-13.2.1+git7813-1.6.1 * libquadmath0-32bit-debuginfo-13.2.1+git7813-1.6.1 * 
libobjc4-32bit-13.2.1+git7813-1.6.1 * libasan8-32bit-debuginfo-13.2.1+git7813-1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1206480 * https://bugzilla.suse.com/show_bug.cgi?id=1206684 * https://bugzilla.suse.com/show_bug.cgi?id=1210557 * https://bugzilla.suse.com/show_bug.cgi?id=1211427 * https://bugzilla.suse.com/show_bug.cgi?id=1212101 * https://bugzilla.suse.com/show_bug.cgi?id=1213915 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * https://bugzilla.suse.com/show_bug.cgi?id=1214460 * https://jira.suse.com/browse/PED-153 * https://jira.suse.com/browse/PED-2005 * https://jira.suse.com/browse/PED-252 * https://jira.suse.com/browse/PED-253 * https://jira.suse.com/browse/PED-6584 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 16:30:08 -0000 Subject: SUSE-SU-2023:4308-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4) Message-ID: <169876980812.466.11666650162639177904@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4308-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_46 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal in netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4316=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4315=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4311=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4314=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4317=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4315=1 SUSE-2023-4311=1 SUSE-2023-4314=1 SUSE-2023-4317=1 SUSE-2023-4316=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4308=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4308=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-12-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-12-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-12-150400.2.3 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_55-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_69-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-9-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_14-debugsource-4-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-12-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-5-150400.2.1 * 
kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-12-150400.2.3 * kernel-livepatch-5_14_21-150400_24_66-default-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_55-default-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_69-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-9-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-12-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_14-debugsource-4-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_7-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_1-debugsource-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 16:30:10 -0000 Subject: SUSE-SU-2023:4313-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5) Message-ID: <169876981055.466.6177041860510730030@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4313-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_150 fixes one issue. The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4313=1 SUSE-SLE-Live-Patching-12-SP5-2023-4307=1 SUSE-SLE-Live-Patching-12-SP5-2023-4312=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_150-default-9-2.3 * kgraft-patch-4_12_14-122_165-default-4-2.2 * kgraft-patch-4_12_14-122_153-default-7-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Oct 31 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 16:30:12 -0000 Subject: SUSE-RU-2023:4310-1: moderate: Recommended update for libtirpc Message-ID: <169876981288.466.17655115790608111567@smelt2.prg2.suse.org> # Recommended update for libtirpc Announcement ID: SUSE-RU-2023:4310-1 Rating: moderate References: * bsc#1196647 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for 
Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for libtirpc to 1.3.4 fixes the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports * replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc * replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr * replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first * replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the 
final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4310=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4310=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4310=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4310=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4310=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4310=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4310=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4310=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4310=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4310=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4310=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4310=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4310=1 * SUSE Linux 
Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4310=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4310=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4310=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4310=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4310=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4310=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4310=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4310=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4310=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4310=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * openSUSE Leap 15.3 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libtirpc3-64bit-1.3.4-150300.3.20.1 * libtirpc3-64bit-debuginfo-1.3.4-150300.3.20.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * 
libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * openSUSE Leap 15.4 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * openSUSE Leap 15.5 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * 
libtirpc3-1.3.4-150300.3.20.1 * Basesystem Module 15-SP4 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * Basesystem Module 15-SP5 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * 
libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Manager Proxy 4.2 (x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Manager Server 4.2 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * libtirpc-devel-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * SUSE Enterprise Storage 7.1 (x86_64) * libtirpc3-32bit-1.3.4-150300.3.20.1 * libtirpc3-32bit-debuginfo-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * 
libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libtirpc3-debuginfo-1.3.4-150300.3.20.1 * libtirpc-netconfig-1.3.4-150300.3.20.1 * libtirpc3-1.3.4-150300.3.20.1 * libtirpc-debugsource-1.3.4-150300.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196647
From sle-updates at lists.suse.com Tue Oct 31 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 16:30:15 -0000 Subject: SUSE-SU-2023:4309-1: important: Security update for container-suseconnect Message-ID: <169876981527.466.3492818571343990534@smelt2.prg2.suse.org> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:4309-1 Rating: important References: * bsc#1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one security fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4309=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4309=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4309=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
* Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4309=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4309=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4309=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4309=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4309=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4309=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4309=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4309=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4309=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4309=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-debuginfo-2.4.0-150000.4.42.1 * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE 
Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.42.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 20:30:03 -0000 Subject: SUSE-SU-2023:4326-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Message-ID: <169878420391.13798.7736686940142079683@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4326-1 Rating: important References: * bsc#1212934 * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-3390 * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_53 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). 
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). * CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212934). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4326=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4326=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-debuginfo-5-150500.12.2 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-5-150500.12.2 * kernel-livepatch-5_14_21-150500_53-default-5-150500.12.2 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-debuginfo-5-150500.12.2 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-5-150500.12.2 * kernel-livepatch-5_14_21-150500_53-default-5-150500.12.2 ## References: * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212934 * https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 20:30:06 -0000 Subject: SUSE-SU-2023:4325-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) Message-ID: <169878420674.13798.12340518809698207399@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:4325-1 Rating: important References: * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4325=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4325=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_19-default-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-3-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_19-default-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-3-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Oct 31 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 20:30:09 -0000 Subject: SUSE-SU-2023:4322-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP4) Message-ID: <169878420944.13798.11512786511466645275@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:4322-1 Rating: important References: * bsc#1214812 * bsc#1215118 * bsc#1215440 Cross-References: * CVE-2023-4004 * CVE-2023-4147 * CVE-2023-4623 CVSS scores: * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_74 fixes several issues. The following security issues were fixed: * CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1215118). 
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1214812). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4322=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4322=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4320=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4320=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_2-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_2-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-4-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_74-default-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_74-default-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4004.html * https://www.suse.com/security/cve/CVE-2023-4147.html * https://www.suse.com/security/cve/CVE-2023-4623.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1214812 * https://bugzilla.suse.com/show_bug.cgi?id=1215118 * https://bugzilla.suse.com/show_bug.cgi?id=1215440
From sle-updates at lists.suse.com Tue Oct 31 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 20:30:13 -0000 Subject: SUSE-SU-2023:4319-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 12 SP5) Message-ID: <169878421321.13798.7036823797538703430@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 49 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4319-1 Rating: important References: * bsc#1209683 * bsc#1210619 Cross-References: * CVE-2023-1281 * CVE-2023-1829 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_179 fixes several issues. The following security issues were fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4319=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_179-default-2-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210619
From sle-updates at lists.suse.com Tue Oct 31 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 Oct 2023 20:30:15 -0000 Subject: SUSE-SU-2023:4321-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Message-ID: <169878421509.13798.8327254732603381638@smelt2.prg2.suse.org> # Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:4321-1 Rating: important References: * bsc#1215440 Cross-References: * CVE-2023-4623 CVSS scores: * CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_139 fixes one issue. 
The following security issue was fixed: * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215440). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4324=1 SUSE-SLE-Live-Patching-12-SP5-2023-4318=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4321=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_139-default-11-2.3 * kgraft-patch-4_12_14-122_159-default-6-2.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_151-default-4-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-4623.html * https://bugzilla.suse.com/show_bug.cgi?id=1215440