openSUSE Security Announce
February 2023
SUSE-SU-2023:0424-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 15 Feb '23
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0424-1
Rating: important
References: #1207982 #1207983
Cross-References: CVE-2022-44267 CVE-2022-44268
CVSS scores:
CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP 15-SP3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image
(bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image
(bsc#1207983).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-424=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-424=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-424=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-424=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-424=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-424=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-424=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2023-424=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
References:
https://www.suse.com/security/cve/CVE-2022-44267.html
https://www.suse.com/security/cve/CVE-2022-44268.html
https://bugzilla.suse.com/1207982
https://bugzilla.suse.com/1207983
SUSE-SU-2023:0428-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 15 Feb '23
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0428-1
Rating: important
References: #1207982 #1207983
Cross-References: CVE-2022-44267 CVE-2022-44268
CVSS scores:
CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image
(bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image
(bsc#1207983).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-428=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-428=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-428=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.12.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
ImageMagick-devel-7.1.0.9-150400.6.12.1
ImageMagick-extra-7.1.0.9-150400.6.12.1
ImageMagick-extra-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
perl-PerlMagick-7.1.0.9-150400.6.12.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1
- openSUSE Leap 15.4 (x86_64):
ImageMagick-devel-32bit-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-32bit-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1
- openSUSE Leap 15.4 (noarch):
ImageMagick-doc-7.1.0.9-150400.6.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
perl-PerlMagick-7.1.0.9-150400.6.12.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.12.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
ImageMagick-devel-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
References:
https://www.suse.com/security/cve/CVE-2022-44267.html
https://www.suse.com/security/cve/CVE-2022-44268.html
https://bugzilla.suse.com/1207982
https://bugzilla.suse.com/1207983
SUSE-SU-2023:0430-1: important: Security update for git
by opensuse-security@opensuse.org 15 Feb '23
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0430-1
Rating: important
References: #1208027 #1208028
Cross-References: CVE-2023-22490 CVE-2023-23946
CVSS scores:
CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even
when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can
be overwritten as the user who is running "git apply" (bsc#1208028).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-430=1
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-430=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-430=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-430=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-430=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-430=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-430=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-430=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-430=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-430=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-430=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-430=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-credential-gnome-keyring-2.35.3-150300.10.24.1
git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.24.1
git-credential-libsecret-2.35.3-150300.10.24.1
git-credential-libsecret-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-p4-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- openSUSE Leap 15.4 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Manager Proxy 4.2 (x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Enterprise Storage 7.1 (noarch):
git-doc-2.35.3-150300.10.24.1
References:
https://www.suse.com/security/cve/CVE-2023-22490.html
https://www.suse.com/security/cve/CVE-2023-23946.html
https://bugzilla.suse.com/1208027
https://bugzilla.suse.com/1208028
openSUSE-SU-2023:0047-1: important: Security update for phpMyAdmin
by opensuse-security@opensuse.org 15 Feb '23
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0047-1
Rating: important
References: #1195017 #1195018 #1197036 #1208186
Cross-References: CVE-2022-0813 CVE-2022-23807 CVE-2022-23808
CVE-2023-25727
CVSS scores:
CVE-2022-0813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0813 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-23807 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2022-23808 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for phpMyAdmin fixes the following issues:
phpMyAdmin was updated to 5.2.1
This is a security and bugfix release.
* Security:
- Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) Fix an XSS
attack through the drag-and-drop upload feature.
* Bugfixes:
- issue #17522 Fix case where the routes cache file is invalid
- issue #17506 Fix error when configuring 2FA without XMLWriter or
Imagick
- issue Fix blank page when some error occurs
- issue #17519 Fix Export pages not working in certain conditions
- issue #17496 Fix error in table operation page when partitions are
broken
- issue #17386 Fix system memory and system swap values on Windows
- issue #17517 Fix Database Server panel not getting hidden by
ShowServerInfo configuration directive
- issue #17271 Fix database names not showing on Processes tab
- issue #17424 Fix export limit size calculation
- issue #17366 Fix refresh rate popup on Monitor page
- issue #17577 Fix monitor charts size on RTL languages
- issue #17121 Fix password_hash function incorrectly adding single
quotes to password before hashing
- issue #17586 Fix statistics not showing for empty databases
- issue #17592 Clicking on the New index link on the sidebar does not
throw an error anymore
- issue #17584 It's now possible to browse a database that includes two
% in its name
- issue Fix PHP 8.2 deprecated string interpolation syntax
- issue Some languages are now correctly detected from the HTTP
header
- issue #17617 Sorting is correctly remembered when
$cfg['RememberSorting'] is true
- issue #17593 Table filtering now works when action buttons are on the
right side of the row
- issue #17388 Find and Replace using regex now makes a valid query if
no matching result set found
- issue #17551 Enum/Set editor will not fail to open when creating a new
column
- issue #17659 Fix error when a database group is named tables, views,
functions, procedures or events
- issue #17673 Allow empty values to be inserted into columns
- issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL
console
- issue Fixed debug queries console broken UI for query time and
group count
- issue Fixed escaping of SQL query and errors for the debug
console
- issue Fix console toolbar UI when the bookmark feature is
disabled and sql debug is enabled
- issue #17543 Fix JS error on saving a new designer page
- issue #17546 Fix JS error after using save as and open page operation
on the designer
- issue Fix PHP warning on GIS visualization when there is only
one GIS column
- issue #17728 Some select HTML tags will now have the correct UI style
- issue #17734 PHP deprecations will only be shown when in a development
environment
- issue #17369 Fix server error when blowfish_secret is not exactly 32
bytes long
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset
description page
- issue #16418 Fix FAQ 1.44 about manually removing vendor folders
- issue #12359 Setup page now sends the Content-Security-Policy headers
- issue #17747 The Column Visibility Toggle will not be hidden by other
elements
- issue #17756 Edit/Copy/Delete row now works when using GROUP BY
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #17656 Fix replace/change/set table prefix is not working
- issue Fix monitor page filter queries only filtering the first
row
- issue Fix "Link not found!" on foreign columns for tables
having no char column to show
- issue #17390 Fix "Create view" modal doesn't show on results and empty
results
- issue #17772 Fix wrong styles for add button from central columns
- issue #17389 Fix HTML disappears when exporting settings to browser's
storage
- issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use
ST_X instead." on search page
- issue Use jquery-migrate.min.js (14KB) instead of
jquery-migrate.min.js (31KB)
- issue #17842 Use jquery.validate.min.js (24 KB) instead of
jquery.validate.js (50 KB)
- issue #17281 Fix links to databases for information_schema.SCHEMATA
- issue #17553 Fix Metro theme unreadable links above navigation tree
- issue #17553 Metro theme UI fixes and improvements
- issue #17553 Fix Metro theme login form with
- issue #16042 Exported gzip file of database has first ~73 kB
uncompressed and rest is gzip compressed in Firefox
- issue #17705 Fix inline SQL query edit FK checkbox preventing submit
buttons from working
- issue #17777 Fix Uncaught TypeError: Cannot read properties of null
(reading 'inline') on datepickers when re-opened
- issue Fix Original theme buttons style and login form width
- issue #17892 Fix closing index edit modal and reopening causes it to
fire twice
- issue #17606 Fix preview SQL modal not working inside "Add Index" modal
- issue Fix PHP error on adding new column on create table form
- issue #17482 Default to "Full texts" when running explain statements
- issue Fixed Chrome scrolling performance issue on a textarea of
an "export as text" page
- issue #17703 Fix datepicker appears on all fields, not just date
- issue Fix space in the tree line when a DB is expanded
- issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when
adding a new column
- issue #17446 Fix missing option for STORED virtual column on MySQL and
PERSISTENT is not supported on MySQL
- issue #17446 Lower the check for virtual columns to MySQL>=5.7.6
nothing is supported on 5.7.5
- issue Fix column names option for CSV Export
- issue #17177 Fix preview SQL when reordering columns doesn't work on
move columns
- issue #15887 Fixed DROP TABLE errors ignored on multi table select for
DROP
- issue #17944 Fix unable to create a view from tree view button
- issue #17927 Fix key navigation between select inputs (drop an old
Firefox workaround)
- issue #17967 Fix missing icon for collapse all button
- issue #18006 Fixed UUID columns can't be moved
- issue Add `spellcheck="false"` to all password fields and some
text fields to avoid spell-jacking data leaks
- issue Remove non working "Analyze Explain at MariaDB.org"
button (MariaDB stopped this service)
- issue #17229 Add support for Web Authentication API because Chrome
removed support for the U2F API
- issue #18019 Fix "Call to a member function fetchAssoc() on bool" with
SQL mode ONLY_FULL_GROUP_BY on monitor search logs
- issue Add back UUID and UUID_SHORT to functions on MySQL and
all MariaDB versions
- issue #17398 Fix clicking on JSON columns triggers update query
- issue Fix silent JSON parse error on upload progress
- issue #17833 Fix "Add Parameter" button not working for Add Routine
Screen
- issue #17365 Fixed "Uncaught Error: regexp too big" on server status
variables page
Update to 5.2.0
* Bugfix
- issue #16521 Upgrade Bootstrap to version 5
- issue #16521 Drop support for Internet Explorer and others
- issue Upgrade to shapefile 3
- issue #16555 Bump minimum PHP version to 7.2
- issue Remove the phpseclib dependency
- issue Upgrade Symfony components to version 5.2
- issue Upgrade to Motranslator 4
- issue #16005 Improve the performance of the Export logic
- issue #16829 Add NOT LIKE %...% operator to Table search
- issue #16845 Fixed some links not passing through url.php
- issue #16382 Remove apc upload progress method (all upload progress
code was removed from the PHP extension)
- issue #16974 Replace zxcvbn by zxcvbn-ts
- issue #15691 Disable the last column checkbox in the column list
dropdown instead of not allowing un-check
- issue #16138 Ignore the length of integer types and show a warning on
MySQL >= 8.0.18
- issue Add support for the Mroonga engine
- issue Double click column name to directly copy to clipboard
- issue #16425 Add DELETE FROM table on table operations page
- issue #16482 Add a select all link for table-specific privileges
- issue #14276 Add support for account locking
- issue #17143 Use composer/ca-bundle to manage the CA cert file
- issue #17143 Require the openssl PHP extension
- issue #17171 Remove the printview.css file from themes
- issue #17203 Redesign the export and the import pages
- issue #16197 Replace the master/slave terminology
- issue #17257 Replace libraries/vendor_config.php constants with an
array
- issue Add the Bootstrap theme
- issue #17499 Remove stickyfilljs JavaScript dependency
Update to 5.1.3
This is a security and bugfix release.
* Security
- Fix for boo#1197036 (CVE-2022-0813)
- Fix for path disclosure under certain server configurations (if
display_errors is on, for instance)
* Bugfix
- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable
"disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running
"SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login
when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email-addresses or links from ODS results
in empty contents
- issue #17344 Fixed a type error on ODS import with non string values
- issue #17239 Fixed header row show/hide columns buttons on each line
after hover are shown on each row
Update to 5.1.2
This is a security and bugfix release.
* Security
- Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor
authentication bypass
- Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS
and HTML injection attacks in setup script
* Bugfixes
- Revert a change to $cfg['CharTextareaRows'] to allow values less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working with
more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in MariaDB and
MySQL
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-47=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
phpMyAdmin-5.2.1-bp154.2.3.1
phpMyAdmin-apache-5.2.1-bp154.2.3.1
phpMyAdmin-lang-5.2.1-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-0813.html
https://www.suse.com/security/cve/CVE-2022-23807.html
https://www.suse.com/security/cve/CVE-2022-23808.html
https://www.suse.com/security/cve/CVE-2023-25727.html
https://bugzilla.suse.com/1195017
https://bugzilla.suse.com/1195018
https://bugzilla.suse.com/1197036
https://bugzilla.suse.com/1208186
SUSE-SU-2023:0418-1: important: Security update for git
by opensuse-security@opensuse.org 15 Feb '23
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0418-1
Rating: important
References: #1204455 #1204456 #1208027 #1208028
Cross-References: CVE-2022-39253 CVE-2022-39260 CVE-2023-22490
CVE-2023-23946
CVSS scores:
CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even
when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can
be overwritten as the user who is running "git apply" (bsc#1208028).
- CVE-2022-39260: Fixed overflow in `split_cmdline()`, leading to
arbitrary heap writes and remote code execution (bsc#1204456).
- CVE-2022-39253: Fixed dereference issue with symbolic links via the
`--local` clone mechanism (bsc#1204455).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-418=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-418=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-418=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-418=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-418=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-418=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-418=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2023-418=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Enterprise Storage 7 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE CaaS Platform 4.0 (x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE CaaS Platform 4.0 (noarch):
git-doc-2.26.2-150000.47.1
References:
https://www.suse.com/security/cve/CVE-2022-39253.html
https://www.suse.com/security/cve/CVE-2022-39260.html
https://www.suse.com/security/cve/CVE-2023-22490.html
https://www.suse.com/security/cve/CVE-2023-23946.html
https://bugzilla.suse.com/1204455
https://bugzilla.suse.com/1204456
https://bugzilla.suse.com/1208027
https://bugzilla.suse.com/1208028
SUSE-SU-2023:0419-1: moderate: Security update for nodejs18
by opensuse-security@opensuse.org 15 Feb '23
SUSE Security Update: Security update for nodejs18
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0419-1
Rating: moderate
References: #1200303 #1201325 #1201326 #1201327 #1201328
#1203831 #1203832 #1205042 #1205119 #1205236
PED-2097 PED-3192
Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214
CVE-2022-32215 CVE-2022-35255 CVE-2022-35256
CVE-2022-43548
CVSS scores:
CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32213 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-32214 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-32215 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-35255 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2022-35256 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2022-43548 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap 15.5
______________________________________________________________________________
An update that solves 7 vulnerabilities, contains two
features and has three fixes is now available.
Description:
This update for nodejs18 fixes the following issues:
This update ships nodejs18 (jsc#PED-2097)
Update to NodeJS 18.13.0 LTS:
* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
+ add doc-only deprecation for headers/trailers setters
+ add Rafael to the tsc
+ deprecate use of invalid ports in url.parse
+ deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
+ add uvwasi version
+ add initial shadow realm support
* test_runner:
+ add t.after() hook
+ don't use a symbol for runHook()
* tls:
+ add "ca" property to certificate object
* util:
+ add fast path for utf8 encoding
+ improve textdecoder decode performance
+ add MIME utilities
- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)
Update to NodeJS 18.12.1 LTS:
* inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119,
CVE-2022-43548)
Update to NodeJS 18.12.0 LTS:
* Running in 'watch' mode using node --watch restarts the process when an
imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg
Update to NodeJS 18.11.0:
* added experimental watch mode -- running in 'watch' mode using node
--watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg
Update to NodeJS 18.10.0:
* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()
Update to Nodejs 18.9.1:
* deps: llhttp updated to 6.0.10
+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215,
bsc#1201327)
+ Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255,
bsc#1203831)
Update to Nodejs 18.9.0:
* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot
Changes in 18.8.0:
* bootstrap: implement run-time user-land snapshots via
--build-snapshot and --snapshot-blob. See
* crypto:
+ allow zero-length IKM in HKDF and in webcrypto PBKDF2
+ allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError
Update to Nodejs 18.7.0:
* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
Update to Nodejs 18.6.0:
* Experimental ESM Loader Hooks API. For details see,
https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
Update to Nodejs 18.5.0:
* http: stricter Transfer-Encoding and header separator parsing
(bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214,
CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket (bsc#1201328,
CVE-2022-32212)
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
Update to Nodejs 18.4.0. For detailed changes see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
Initial packaging of Nodejs 18.2.0. For detailed changes since previous
versions, see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-SLE-15.5-2023-419=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-419=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-419=1
Package List:
- openSUSE Leap 15.5 (aarch64 s390x x86_64):
corepack18-18.13.0-150400.9.3.1
nodejs18-18.13.0-150400.9.3.1
nodejs18-debuginfo-18.13.0-150400.9.3.1
nodejs18-debugsource-18.13.0-150400.9.3.1
nodejs18-devel-18.13.0-150400.9.3.1
npm18-18.13.0-150400.9.3.1
- openSUSE Leap 15.5 (noarch):
nodejs18-docs-18.13.0-150400.9.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
corepack18-18.13.0-150400.9.3.1
nodejs18-18.13.0-150400.9.3.1
nodejs18-debuginfo-18.13.0-150400.9.3.1
nodejs18-debugsource-18.13.0-150400.9.3.1
nodejs18-devel-18.13.0-150400.9.3.1
npm18-18.13.0-150400.9.3.1
- openSUSE Leap 15.4 (noarch):
nodejs18-docs-18.13.0-150400.9.3.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):
nodejs18-18.13.0-150400.9.3.1
nodejs18-debuginfo-18.13.0-150400.9.3.1
nodejs18-debugsource-18.13.0-150400.9.3.1
nodejs18-devel-18.13.0-150400.9.3.1
npm18-18.13.0-150400.9.3.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
nodejs18-docs-18.13.0-150400.9.3.1
References:
https://www.suse.com/security/cve/CVE-2022-32212.html
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32214.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://www.suse.com/security/cve/CVE-2022-35255.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://www.suse.com/security/cve/CVE-2022-43548.html
https://bugzilla.suse.com/1200303
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201326
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1201328
https://bugzilla.suse.com/1203831
https://bugzilla.suse.com/1203832
https://bugzilla.suse.com/1205042
https://bugzilla.suse.com/1205119
https://bugzilla.suse.com/1205236
openSUSE-SU-2023:0046-1: important: Security update for timescaledb
by opensuse-security@opensuse.org 14 Feb '23
openSUSE Security Update: Security update for timescaledb
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0046-1
Rating: important
References: #1197063
Cross-References: CVE-2022-24128
CVSS scores:
CVE-2022-24128 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for timescaledb fixes the following issues:
Update to version 2.9.3
- https://github.com/timescale/timescaledb/releases/tag/2.9.3
- https://github.com/timescale/timescaledb/releases/tag/2.9.2
- https://github.com/timescale/timescaledb/releases/tag/2.9.1
- https://github.com/timescale/timescaledb/releases/tag/2.9.0
- https://github.com/timescale/timescaledb/releases/tag/2.8.1
- https://github.com/timescale/timescaledb/releases/tag/2.8.0
- https://github.com/timescale/timescaledb/releases/tag/2.7.1
- https://github.com/timescale/timescaledb/releases/tag/2.7.2
- https://github.com/timescale/timescaledb/releases/tag/2.7.0
- https://github.com/timescale/timescaledb/releases/tag/2.6.1
- CVE-2022-24128: Fixed privilege escalation during extension installation
(boo#1197063)
- https://github.com/timescale/timescaledb/releases/tag/2.6.0
- https://github.com/timescale/timescaledb/releases/tag/2.5.2
- https://github.com/timescale/timescaledb/releases/tag/2.5.1
- https://github.com/timescale/timescaledb/releases/tag/1.7.5
- https://github.com/timescale/timescaledb/releases/tag/2.0.0
- https://github.com/timescale/timescaledb/releases/tag/2.0.1
- https://github.com/timescale/timescaledb/releases/tag/2.0.2
- https://github.com/timescale/timescaledb/releases/tag/2.1.0
- https://github.com/timescale/timescaledb/releases/tag/2.1.1
- https://github.com/timescale/timescaledb/releases/tag/2.2.0
- https://github.com/timescale/timescaledb/releases/tag/2.2.1
- https://github.com/timescale/timescaledb/releases/tag/2.3.0
- https://github.com/timescale/timescaledb/releases/tag/2.3.1
- https://github.com/timescale/timescaledb/releases/tag/2.4.0
- https://github.com/timescale/timescaledb/releases/tag/2.4.1
- https://github.com/timescale/timescaledb/releases/tag/2.4.2
- https://github.com/timescale/timescaledb/releases/tag/2.5.0
- enable postgresql14
- https://github.com/timescale/timescaledb/releases/tag/1.7.2
- https://github.com/timescale/timescaledb/releases/tag/1.7.3
- https://github.com/timescale/timescaledb/releases/tag/1.7.4
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-46=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
postgresql12-timescaledb-2.9.3-bp154.2.3.1
postgresql13-timescaledb-2.9.3-bp154.2.3.1
postgresql14-timescaledb-2.9.3-bp154.2.3.1
postgresql15-timescaledb-2.9.3-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24128.html
https://bugzilla.suse.com/1197063
SUSE-SU-2023:0410-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Feb '23
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0410-1
Rating: important
References: #1203693 #1205149 #1206073 #1206389 #1206395
#1206664 #1206677 #1206784 #1207036 #1207186
#1207237 PED-1706
Cross-References: CVE-2022-3107 CVE-2022-3108 CVE-2022-3564
CVE-2022-4662 CVE-2022-47929 CVE-2023-23454
CVSS scores:
CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains one
feature and has 5 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3107: Fixed missing check of return value of kvmalloc_array()
(bnc#1206395).
- CVE-2022-3108: Fixed missing check of return value of kmemdup()
(bnc#1206389).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth
component (bnc#1206073).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem
that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic
control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial of service in cbq_classify in
net/sched/sch_cbq.c (bnc#1207036).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT
(jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes,
bsc#1207186).
- HID: check empty report_list in hid_validate_values() (git-fixes,
bsc#1206784).
- Reverted "constraints: increase disk space for all architectures"
(bsc#1203693)
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-410=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-410=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-410=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-410=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-410=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-410=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.134.1
kernel-vanilla-4.12.14-150100.197.134.1
kernel-vanilla-base-4.12.14-150100.197.134.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.134.1
kernel-vanilla-debuginfo-4.12.14-150100.197.134.1
kernel-vanilla-debugsource-4.12.14-150100.197.134.1
kernel-vanilla-devel-4.12.14-150100.197.134.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.134.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.134.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.134.1
kernel-debug-base-debuginfo-4.12.14-150100.197.134.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.134.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.134.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.134.1
kernel-zfcpdump-man-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.134.1
kernel-default-base-4.12.14-150100.197.134.1
kernel-default-base-debuginfo-4.12.14-150100.197.134.1
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
kernel-default-devel-4.12.14-150100.197.134.1
kernel-default-devel-debuginfo-4.12.14-150100.197.134.1
kernel-obs-build-4.12.14-150100.197.134.1
kernel-obs-build-debugsource-4.12.14-150100.197.134.1
kernel-syms-4.12.14-150100.197.134.1
reiserfs-kmp-default-4.12.14-150100.197.134.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.134.1
kernel-docs-4.12.14-150100.197.134.1
kernel-macros-4.12.14-150100.197.134.1
kernel-source-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.134.1
kernel-default-base-4.12.14-150100.197.134.1
kernel-default-base-debuginfo-4.12.14-150100.197.134.1
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
kernel-default-devel-4.12.14-150100.197.134.1
kernel-default-devel-debuginfo-4.12.14-150100.197.134.1
kernel-obs-build-4.12.14-150100.197.134.1
kernel-obs-build-debugsource-4.12.14-150100.197.134.1
kernel-syms-4.12.14-150100.197.134.1
reiserfs-kmp-default-4.12.14-150100.197.134.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.134.1
kernel-docs-4.12.14-150100.197.134.1
kernel-macros-4.12.14-150100.197.134.1
kernel-source-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.134.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.134.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.134.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
kernel-default-livepatch-4.12.14-150100.197.134.1
kernel-default-livepatch-devel-4.12.14-150100.197.134.1
kernel-livepatch-4_12_14-150100_197_134-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.134.1
kernel-default-base-4.12.14-150100.197.134.1
kernel-default-base-debuginfo-4.12.14-150100.197.134.1
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
kernel-default-devel-4.12.14-150100.197.134.1
kernel-default-devel-debuginfo-4.12.14-150100.197.134.1
kernel-obs-build-4.12.14-150100.197.134.1
kernel-obs-build-debugsource-4.12.14-150100.197.134.1
kernel-syms-4.12.14-150100.197.134.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.134.1
kernel-docs-4.12.14-150100.197.134.1
kernel-macros-4.12.14-150100.197.134.1
kernel-source-4.12.14-150100.197.134.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.134.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.134.1
dlm-kmp-default-4.12.14-150100.197.134.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.134.1
gfs2-kmp-default-4.12.14-150100.197.134.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
ocfs2-kmp-default-4.12.14-150100.197.134.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.134.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.134.1
kernel-default-base-4.12.14-150100.197.134.1
kernel-default-base-debuginfo-4.12.14-150100.197.134.1
kernel-default-debuginfo-4.12.14-150100.197.134.1
kernel-default-debugsource-4.12.14-150100.197.134.1
kernel-default-devel-4.12.14-150100.197.134.1
kernel-default-devel-debuginfo-4.12.14-150100.197.134.1
kernel-obs-build-4.12.14-150100.197.134.1
kernel-obs-build-debugsource-4.12.14-150100.197.134.1
kernel-syms-4.12.14-150100.197.134.1
reiserfs-kmp-default-4.12.14-150100.197.134.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.134.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.134.1
kernel-docs-4.12.14-150100.197.134.1
kernel-macros-4.12.14-150100.197.134.1
kernel-source-4.12.14-150100.197.134.1
References:
https://www.suse.com/security/cve/CVE-2022-3107.html
https://www.suse.com/security/cve/CVE-2022-3108.html
https://www.suse.com/security/cve/CVE-2022-3564.html
https://www.suse.com/security/cve/CVE-2022-4662.html
https://www.suse.com/security/cve/CVE-2022-47929.html
https://www.suse.com/security/cve/CVE-2023-23454.html
https://bugzilla.suse.com/1203693
https://bugzilla.suse.com/1205149
https://bugzilla.suse.com/1206073
https://bugzilla.suse.com/1206389
https://bugzilla.suse.com/1206395
https://bugzilla.suse.com/1206664
https://bugzilla.suse.com/1206677
https://bugzilla.suse.com/1206784
https://bugzilla.suse.com/1207036
https://bugzilla.suse.com/1207186
https://bugzilla.suse.com/1207237
SUSE-SU-2023:0409-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Feb '23
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0409-1
Rating: important
References: #1195175 #1204502 #1206677 #1207034 #1207497
#1207508 #1207769 #1207878
Cross-References: CVE-2022-3606 CVE-2023-0179
CVSS scores:
CVE-2022-3606 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3606 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities and has 6 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function
find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the
component BPF (bnc#1204502).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
bits (bsc#1207034).
The following non-security bugs were fixed:
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices
(git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled
(git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading
(git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm space maps: do not reset space map allocation cursor when committing
(git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down
(git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- kabi/severities: add mlx5 internal symbols
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- nbd: Fix hung on disconnect request if socket is closed before
(git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in
nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter
(git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#1195175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
(bsc#1195175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type
(bsc#1195175).
- net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of
u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
(git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
(git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
(git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
(git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running
device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
(git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails
(git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
(git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
(git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
(git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been
removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
(git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
(git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
(git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
(git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume
(git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
(git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
(git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification
(git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold()
(git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
(git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- watchdog: diag288_wdt: do not use stack buffers for hardware data
(bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2023-409=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-409=1
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-409=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-409=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-409=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-409=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-409=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-409=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-409=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-409=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-409=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-409=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-409=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-409=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-409=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.112.1
dtb-zte-5.3.18-150300.59.112.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Manager Server 4.2 (x86_64):
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
- SUSE Manager Server 4.2 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
- SUSE Manager Server 4.2 (s390x):
kernel-zfcpdump-5.3.18-150300.59.112.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
- SUSE Manager Proxy 4.2 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
- SUSE Manager Proxy 4.2 (x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
reiserfs-kmp-default-5.3.18-150300.59.112.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
reiserfs-kmp-default-5.3.18-150300.59.112.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64):
kernel-64kb-5.3.18-150300.59.112.1
kernel-64kb-debuginfo-5.3.18-150300.59.112.1
kernel-64kb-debugsource-5.3.18-150300.59.112.1
kernel-64kb-devel-5.3.18-150300.59.112.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (s390x):
kernel-zfcpdump-5.3.18-150300.59.112.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-livepatch-5.3.18-150300.59.112.1
kernel-default-livepatch-devel-5.3.18-150300.59.112.1
kernel-livepatch-5_3_18-150300_59_112-default-1-150300.7.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
reiserfs-kmp-default-5.3.18-150300.59.112.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64):
kernel-64kb-5.3.18-150300.59.112.1
kernel-64kb-debuginfo-5.3.18-150300.59.112.1
kernel-64kb-debugsource-5.3.18-150300.59.112.1
kernel-64kb-devel-5.3.18-150300.59.112.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
reiserfs-kmp-default-5.3.18-150300.59.112.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64):
kernel-64kb-5.3.18-150300.59.112.1
kernel-64kb-debuginfo-5.3.18-150300.59.112.1
kernel-64kb-debugsource-5.3.18-150300.59.112.1
kernel-64kb-devel-5.3.18-150300.59.112.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.112.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.112.1
dlm-kmp-default-5.3.18-150300.59.112.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.112.1
gfs2-kmp-default-5.3.18-150300.59.112.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
ocfs2-kmp-default-5.3.18-150300.59.112.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.112.1
kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
kernel-default-debuginfo-5.3.18-150300.59.112.1
kernel-default-debugsource-5.3.18-150300.59.112.1
kernel-default-devel-5.3.18-150300.59.112.1
kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
kernel-obs-build-5.3.18-150300.59.112.1
kernel-obs-build-debugsource-5.3.18-150300.59.112.1
kernel-preempt-5.3.18-150300.59.112.1
kernel-preempt-debuginfo-5.3.18-150300.59.112.1
kernel-preempt-debugsource-5.3.18-150300.59.112.1
kernel-preempt-devel-5.3.18-150300.59.112.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
kernel-syms-5.3.18-150300.59.112.1
reiserfs-kmp-default-5.3.18-150300.59.112.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1
- SUSE Enterprise Storage 7.1 (aarch64):
kernel-64kb-5.3.18-150300.59.112.1
kernel-64kb-debuginfo-5.3.18-150300.59.112.1
kernel-64kb-debugsource-5.3.18-150300.59.112.1
kernel-64kb-devel-5.3.18-150300.59.112.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1
- SUSE Enterprise Storage 7.1 (noarch):
kernel-devel-5.3.18-150300.59.112.1
kernel-docs-5.3.18-150300.59.112.1
kernel-macros-5.3.18-150300.59.112.1
kernel-source-5.3.18-150300.59.112.1
References:
https://www.suse.com/security/cve/CVE-2022-3606.html
https://www.suse.com/security/cve/CVE-2023-0179.html
https://bugzilla.suse.com/1195175
https://bugzilla.suse.com/1204502
https://bugzilla.suse.com/1206677
https://bugzilla.suse.com/1207034
https://bugzilla.suse.com/1207497
https://bugzilla.suse.com/1207508
https://bugzilla.suse.com/1207769
https://bugzilla.suse.com/1207878
SUSE-SU-2023:0411-1: critical: Security update for haproxy
by opensuse-security@opensuse.org 14 Feb '23
SUSE Security Update: Security update for haproxy
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0411-1
Rating: critical
References: #1208132
Cross-References: CVE-2023-25725
CVSS scores:
CVE-2023-25725 (SUSE): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
Affected Products:
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise Micro 5.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for haproxy fixes the following issues:
- CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser
(bsc#1208132).
- Fixed an issue where sensitive data might leak to the backend.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-411=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-411=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2023-411=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-411=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.10.1
haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.10.1
References:
https://www.suse.com/security/cve/CVE-2023-25725.html
https://bugzilla.suse.com/1208132