openSUSE Updates
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
February 2023
- 2 participants
- 107 discussions
SUSE-SU-2023:0431-1: important: Security update for apache2-mod_security2
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for apache2-mod_security2
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0431-1
Rating: important
References: #1207379
Cross-References: CVE-2023-24021
CVSS scores:
CVE-2023-24021 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-24021 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for apache2-mod_security2 fixes the following issues:
- CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content
(bsc#1207379).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-431=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-431=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
apache2-mod_security2-2.9.4-150400.3.6.1
apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1
apache2-mod_security2-debugsource-2.9.4-150400.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
apache2-mod_security2-2.9.4-150400.3.6.1
apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1
apache2-mod_security2-debugsource-2.9.4-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2023-24021.html
https://bugzilla.suse.com/1207379
1
0
SUSE-RU-2023:0432-1: moderate: Recommended update for graphite2
by maintenance@opensuse.org 15 Feb '23
by maintenance@opensuse.org 15 Feb '23
15 Feb '23
SUSE Recommended Update: Recommended update for graphite2
______________________________________________________________________________
Announcement ID: SUSE-RU-2023:0432-1
Rating: moderate
References: #1207676
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for graphite2 fixes the following issue:
- Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR
GPL-2.0-or-later (bsc#1207676)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-432=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2023-432=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-432=1
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-432=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-432=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-432=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-432=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-432=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-432=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-432=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-432=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-432=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2023-432=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-432=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-432=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-432=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2023-432=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
graphite2-1.3.11-150000.4.3.1
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- openSUSE Leap 15.4 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Server 4.2 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Manager Proxy 4.2 (x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7.1 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
- SUSE Enterprise Storage 7 (x86_64):
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
- SUSE CaaS Platform 4.0 (x86_64):
graphite2-debuginfo-1.3.11-150000.4.3.1
graphite2-debugsource-1.3.11-150000.4.3.1
graphite2-devel-1.3.11-150000.4.3.1
libgraphite2-3-1.3.11-150000.4.3.1
libgraphite2-3-32bit-1.3.11-150000.4.3.1
libgraphite2-3-32bit-debuginfo-1.3.11-150000.4.3.1
libgraphite2-3-debuginfo-1.3.11-150000.4.3.1
References:
https://bugzilla.suse.com/1207676
1
0
SUSE-SU-2023:0429-1: important: Security update for curl
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0429-1
Rating: important
References: #1207990 #1207991 #1207992
Cross-References: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
CVSS scores:
CVE-2023-23914 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-23915 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-23916 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for curl fixes the following issues:
- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service
(bsc#1207992).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-429=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-429=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-429=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2023-429=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
curl-7.79.1-150400.5.15.1
curl-debuginfo-7.79.1-150400.5.15.1
curl-debugsource-7.79.1-150400.5.15.1
libcurl4-7.79.1-150400.5.15.1
libcurl4-debuginfo-7.79.1-150400.5.15.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.15.1
curl-debuginfo-7.79.1-150400.5.15.1
curl-debugsource-7.79.1-150400.5.15.1
libcurl-devel-7.79.1-150400.5.15.1
libcurl4-7.79.1-150400.5.15.1
libcurl4-debuginfo-7.79.1-150400.5.15.1
- openSUSE Leap 15.4 (x86_64):
libcurl-devel-32bit-7.79.1-150400.5.15.1
libcurl4-32bit-7.79.1-150400.5.15.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.15.1
curl-debuginfo-7.79.1-150400.5.15.1
curl-debugsource-7.79.1-150400.5.15.1
libcurl-devel-7.79.1-150400.5.15.1
libcurl4-7.79.1-150400.5.15.1
libcurl4-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libcurl4-32bit-7.79.1-150400.5.15.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
curl-7.79.1-150400.5.15.1
curl-debuginfo-7.79.1-150400.5.15.1
curl-debugsource-7.79.1-150400.5.15.1
libcurl4-7.79.1-150400.5.15.1
libcurl4-debuginfo-7.79.1-150400.5.15.1
References:
https://www.suse.com/security/cve/CVE-2023-23914.html
https://www.suse.com/security/cve/CVE-2023-23915.html
https://www.suse.com/security/cve/CVE-2023-23916.html
https://bugzilla.suse.com/1207990
https://bugzilla.suse.com/1207991
https://bugzilla.suse.com/1207992
1
0
SUSE-SU-2023:0423-1: moderate: Security update for aws-efs-utils
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for aws-efs-utils
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0423-1
Rating: moderate
References: #1191055 #1206737
Cross-References: CVE-2022-46174
CVSS scores:
CVE-2022-46174 (NVD) : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-46174 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for aws-efs-utils fixes the following issues:
- Updated to version 1.34.5:
- CVE-2022-46174: Fixed a race condition when mounting filesystems using
TLS, which could result in various failures (bsc#1206737).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-423=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-423=1
Package List:
- openSUSE Leap 15.4 (noarch):
aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
aws-efs-utils-1.34.5-150100.4.11.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
aws-efs-utils-1.34.5-150100.4.11.1
References:
https://www.suse.com/security/cve/CVE-2022-46174.html
https://bugzilla.suse.com/1191055
https://bugzilla.suse.com/1206737
1
0
SUSE-SU-2023:0427-1: important: Security update for bind
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0427-1
Rating: important
References: #1207471
Cross-References: CVE-2022-3094
CVSS scores:
CVE-2022-3094 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3094 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for bind fixes the following issues:
- CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding
(bsc#1207471).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-427=1
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-427=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-427=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-427=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-427=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-427=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-427=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-427=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-427=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-427=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-427=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-chrootenv-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Manager Server 4.2 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Manager Proxy 4.2 (x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Manager Proxy 4.2 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
bind-9.16.6-150300.22.27.1
bind-chrootenv-9.16.6-150300.22.27.1
bind-debuginfo-9.16.6-150300.22.27.1
bind-debugsource-9.16.6-150300.22.27.1
bind-devel-9.16.6-150300.22.27.1
bind-utils-9.16.6-150300.22.27.1
bind-utils-debuginfo-9.16.6-150300.22.27.1
libbind9-1600-9.16.6-150300.22.27.1
libbind9-1600-debuginfo-9.16.6-150300.22.27.1
libdns1605-9.16.6-150300.22.27.1
libdns1605-debuginfo-9.16.6-150300.22.27.1
libirs-devel-9.16.6-150300.22.27.1
libirs1601-9.16.6-150300.22.27.1
libirs1601-debuginfo-9.16.6-150300.22.27.1
libisc1606-9.16.6-150300.22.27.1
libisc1606-debuginfo-9.16.6-150300.22.27.1
libisccc1600-9.16.6-150300.22.27.1
libisccc1600-debuginfo-9.16.6-150300.22.27.1
libisccfg1600-9.16.6-150300.22.27.1
libisccfg1600-debuginfo-9.16.6-150300.22.27.1
libns1604-9.16.6-150300.22.27.1
libns1604-debuginfo-9.16.6-150300.22.27.1
- SUSE Enterprise Storage 7.1 (noarch):
bind-doc-9.16.6-150300.22.27.1
python3-bind-9.16.6-150300.22.27.1
References:
https://www.suse.com/security/cve/CVE-2022-3094.html
https://bugzilla.suse.com/1207471
1
0
SUSE-SU-2023:0424-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0424-1
Rating: important
References: #1207982 #1207983
Cross-References: CVE-2022-44267 CVE-2022-44268
CVSS scores:
CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP 15-SP3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image
(bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image
(bsc#1207983).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-424=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-424=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-424=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-424=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-424=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-424=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-424=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-424=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2023-424=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
ImageMagick-7.0.7.34-150200.10.42.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.42.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.42.1
ImageMagick-debuginfo-7.0.7.34-150200.10.42.1
ImageMagick-debugsource-7.0.7.34-150200.10.42.1
ImageMagick-devel-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.42.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.42.1
libMagick++-devel-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.42.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.42.1
perl-PerlMagick-7.0.7.34-150200.10.42.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.42.1
References:
https://www.suse.com/security/cve/CVE-2022-44267.html
https://www.suse.com/security/cve/CVE-2022-44268.html
https://bugzilla.suse.com/1207982
https://bugzilla.suse.com/1207983
1
0
SUSE-SU-2023:0428-1: important: Security update for ImageMagick
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0428-1
Rating: important
References: #1207982 #1207983
Cross-References: CVE-2022-44267 CVE-2022-44268
CVSS scores:
CVE-2022-44267 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-44267 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-44268 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-44268 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-44267: Fixed a denial of service when parsing a PNG image
(bsc#1207982).
- CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image
(bsc#1207983).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-428=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-428=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-428=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.12.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
ImageMagick-devel-7.1.0.9-150400.6.12.1
ImageMagick-extra-7.1.0.9-150400.6.12.1
ImageMagick-extra-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
perl-PerlMagick-7.1.0.9-150400.6.12.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1
- openSUSE Leap 15.4 (x86_64):
ImageMagick-devel-32bit-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-32bit-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.12.1
- openSUSE Leap 15.4 (noarch):
ImageMagick-doc-7.1.0.9-150400.6.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
perl-PerlMagick-7.1.0.9-150400.6.12.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.12.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.12.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1
ImageMagick-debuginfo-7.1.0.9-150400.6.12.1
ImageMagick-debugsource-7.1.0.9-150400.6.12.1
ImageMagick-devel-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.12.1
libMagick++-devel-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.12.1
References:
https://www.suse.com/security/cve/CVE-2022-44267.html
https://www.suse.com/security/cve/CVE-2022-44268.html
https://bugzilla.suse.com/1207982
https://bugzilla.suse.com/1207983
1
0
SUSE-SU-2023:0430-1: important: Security update for git
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0430-1
Rating: important
References: #1208027 #1208028
Cross-References: CVE-2023-22490 CVE-2023-23946
CVSS scores:
CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP3
SUSE Linux Enterprise Server 15-SP3-LTSS
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even
when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can
be overwritten as the user who is running "git apply" (bsc#1208028).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-430=1
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-430=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-430=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-430=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-430=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-430=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-430=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-430=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-430=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-430=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-430=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2023-430=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-credential-gnome-keyring-2.35.3-150300.10.24.1
git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.24.1
git-credential-libsecret-2.35.3-150300.10.24.1
git-credential-libsecret-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-p4-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- openSUSE Leap 15.4 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Manager Proxy 4.2 (x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
git-doc-2.35.3-150300.10.24.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
git-2.35.3-150300.10.24.1
git-arch-2.35.3-150300.10.24.1
git-core-2.35.3-150300.10.24.1
git-core-debuginfo-2.35.3-150300.10.24.1
git-cvs-2.35.3-150300.10.24.1
git-daemon-2.35.3-150300.10.24.1
git-daemon-debuginfo-2.35.3-150300.10.24.1
git-debuginfo-2.35.3-150300.10.24.1
git-debugsource-2.35.3-150300.10.24.1
git-email-2.35.3-150300.10.24.1
git-gui-2.35.3-150300.10.24.1
git-svn-2.35.3-150300.10.24.1
git-web-2.35.3-150300.10.24.1
gitk-2.35.3-150300.10.24.1
perl-Git-2.35.3-150300.10.24.1
- SUSE Enterprise Storage 7.1 (noarch):
git-doc-2.35.3-150300.10.24.1
References:
https://www.suse.com/security/cve/CVE-2023-22490.html
https://www.suse.com/security/cve/CVE-2023-23946.html
https://bugzilla.suse.com/1208027
https://bugzilla.suse.com/1208028
1
0
openSUSE-SU-2023:0047-1: important: Security update for phpMyAdmin
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0047-1
Rating: important
References: #1195017 #1195018 #1197036 #1208186
Cross-References: CVE-2022-0813 CVE-2022-23807 CVE-2022-23808
CVE-2023-25727
CVSS scores:
CVE-2022-0813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0813 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-23807 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2022-23808 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for phpMyAdmin fixes the following issues:
phpMyAdmin was updated to 5.2.1
This is a security and bufix release.
* Security:
- Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) Fix an XSS
attack through the drag-and-drop upload feature.
* Bugfixes:
- issue #17522 Fix case where the routes cache file is invalid
- issue #17506 Fix error when configuring 2FA without XMLWriter or
Imagick
- issue Fix blank page when some error occurs
- issue #17519 Fix Export pages not working in certain conditions
- issue #17496 Fix error in table operation page when partitions are
broken
- issue #17386 Fix system memory and system swap values on Windows
- issue #17517 Fix Database Server panel not getting hidden by
ShowServerInfo configuration directive
- issue #17271 Fix database names not showing on Processes tab
- issue #17424 Fix export limit size calculation
- issue #17366 Fix refresh rate popup on Monitor page
- issue #17577 Fix monitor charts size on RTL languages
- issue #17121 Fix password_hash function incorrectly adding single
quotes to password before hashing
- issue #17586 Fix statistics not showing for empty databases
- issue #17592 Clicking on the New index link on the sidebar does not
throw an error anymore
- issue #17584 It's now possible to browse a database that includes two
% in its name
- issue Fix PHP 8.2 deprecated string interpolation syntax
- issue Some languages are now correctly detected from the HTTP
header
- issue #17617 Sorting is correctly remembered when
$cfg['RememberSorting'] is true
- issue #17593 Table filtering now works when action buttons are on the
right side of the row
- issue #17388 Find and Replace using regex now makes a valid query if
no matching result set found
- issue #17551 Enum/Set editor will not fail to open when creating a new
column
- issue #17659 Fix error when a database group is named tables, views,
functions, procedures or events
- issue #17673 Allow empty values to be inserted into columns
- issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL
console
- issue Fixed debug queries console broken UI for query time and
group count
- issue Fixed escaping of SQL query and errors for the debug
console
- issue Fix console toolbar UI when the bookmark feature is
disabled and sql debug is enabled
- issue #17543 Fix JS error on saving a new designer page
- issue #17546 Fix JS error after using save as and open page operation
on the designer
- issue Fix PHP warning on GIS visualization when there is only
one GIS column
- issue #17728 Some select HTML tags will now have the correct UI style
- issue #17734 PHP deprecations will only be shown when in a development
environment
- issue #17369 Fix server error when blowfish_secret is not exactly 32
bytes long
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset
description page
- issue #16418 Fix FAQ 1.44 about manually removing vendor folders
- issue #12359 Setup page now sends the Content-Security-Policy headers
- issue #17747 The Column Visibility Toggle will not be hidden by other
elements
- issue #17756 Edit/Copy/Delete row now works when using GROUP BY
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #17656 Fix replace/change/set table prefix is not working
- issue Fix monitor page filter queries only filtering the first
row
- issue Fix "Link not found!" on foreign columns for tables
having no char column to show
- issue #17390 Fix "Create view" modal doesn't show on results and empty
results
- issue #17772 Fix wrong styles for add button from central columns
- issue #17389 Fix HTML disappears when exporting settings to browser's
storage
- issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use
ST_X instead." on search page
- issue Use jquery-migrate.min.js (14KB) instead of
jquery-migrate.min.js (31KB)
- issue #17842 Use jquery.validate.min.js (24 KB) instead of
jquery.validate.js (50 KB)
- issue #17281 Fix links to databases for information_schema.SCHEMATA
- issue #17553 Fix Metro theme unreadable links above navigation tree
- issue #17553 Metro theme UI fixes and improvements
- issue #17553 Fix Metro theme login form with
- issue #16042 Exported gzip file of database has first ~73 kB
uncompressed and rest is gzip compressed in Firefox
- issue #17705 Fix inline SQL query edit FK checkbox preventing submit
buttons from working
- issue #17777 Fix Uncaught TypeError: Cannot read properties of null
(reading 'inline') on datepickers when re-opened
- issue Fix Original theme buttons style and login form width
- issue #17892 Fix closing index edit modal and reopening causes it to
fire twice
- issue #17606 Fix preview SQL modal not working inside "Add Index" modal
- issue Fix PHP error on adding new column on create table form
- issue #17482 Default to "Full texts" when running explain statements
- issue Fixed Chrome scrolling performance issue on a textarea of
an "export as text" page
- issue #17703 Fix datepicker appears on all fields, not just date
- issue Fix space in the tree line when a DB is expanded
- issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when
adding a new column
- issue #17446 Fix missing option for STORED virtual column on MySQL and
PERSISTENT is not supported on MySQL
- issue #17446 Lower the check for virtual columns to MySQL>=5.7.6
nothing is supported on 5.7.5
- issue Fix column names option for CSV Export
- issue #17177 Fix preview SQL when reordering columns doesn't work on
move columns
- issue #15887 Fixed DROP TABLE errors ignored on multi table select for
DROP
- issue #17944 Fix unable to create a view from tree view button
- issue #17927 Fix key navigation between select inputs (drop an old
Firefox workaround)
- issue #17967 Fix missing icon for collapse all button
- issue #18006 Fixed UUID columns can't be moved
- issue Add `spellcheck="false"` to all password fields and some
text fields to avoid spell-jacking data leaks
- issue Remove non working "Analyze Explain at MariaDB.org"
button (MariaDB stopped this service)
- issue #17229 Add support for Web Authentication API because Chrome
removed support for the U2F API
- issue #18019 Fix "Call to a member function fetchAssoc() on bool" with
SQL mode ONLY_FULL_GROUP_BY on monitor search logs
- issue Add back UUID and UUID_SHORT to functions on MySQL and
all MariaDB versions
- issue #17398 Fix clicking on JSON columns triggers update query
- issue Fix silent JSON parse error on upload progress
- issue #17833 Fix "Add Parameter" button not working for Add Routine
Screen
- issue #17365 Fixed "Uncaught Error: regexp too big" on server status
variables page
Update to 5.2.0
* Bugfix
- issue #16521 Upgrade Bootstrap to version 5
- issue #16521 Drop support for Internet Explorer and others
- issue Upgrade to shapefile 3
- issue #16555 Bump minimum PHP version to 7.2
- issue Remove the phpseclib dependency
- issue Upgrade Symfony components to version 5.2
- issue Upgrade to Motranslator 4
- issue #16005 Improve the performance of the Export logic
- issue #16829 Add NOT LIKE %...% operator to Table search
- issue #16845 Fixed some links not passing through url.php
- issue #16382 Remove apc upload progress method (all upload progress
code was removed from the PHP extension)
- issue #16974 Replace zxcvbn by zxcvbn-ts
- issue #15691 Disable the last column checkbox in the column list
dropdown instead of not allowing un-check
- issue #16138 Ignore the length of integer types and show a warning on
MySQL >= 8.0.18
- issue Add support for the Mroonga engine
- issue Double click column name to directly copy to clipboard
- issue #16425 Add DELETE FROM table on table operations page
- issue #16482 Add a select all link for table-specific privileges
- issue #14276 Add support for account locking
- issue #17143 Use composer/ca-bundle to manage the CA cert file
- issue #17143 Require the openssl PHP extension
- issue #17171 Remove the printview.css file from themes
- issue #17203 Redesign the export and the import pages
- issue #16197 Replace the master/slave terminology
- issue #17257 Replace libraries/vendor_config.php constants with an
array
- issue Add the Bootstrap theme
- issue #17499 Remove stickyfilljs JavaScript dependency
Update to 5.1.3
This is a security and bufix release.
* Security
- Fix for boo#1197036 (CVE-2022-0813)
- Fix for path disclosure under certain server configurations (if
display_errors is on, for instance)
* Bugfix
- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable
"disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running
"SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login
when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email-adresses or links from ODS results
in empty contents
- issue #17344 Fixed a type error on ODS import with non string values
- issue #17239 Fixed header row show/hide columns buttons on each line
after hover are shown on each row
Update to 5.1.2
This is a security and bufix release.
* Security
- Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor
authentication bypass
- Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS
and HTML injection attacks in setup script
* Bugfixes
- Revert a changed to $cfg['CharTextareaRows'] allow values less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working with
more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in MariaDB and
MySQL
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-47=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
phpMyAdmin-5.2.1-bp154.2.3.1
phpMyAdmin-apache-5.2.1-bp154.2.3.1
phpMyAdmin-lang-5.2.1-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-0813.html
https://www.suse.com/security/cve/CVE-2022-23807.html
https://www.suse.com/security/cve/CVE-2022-23808.html
https://www.suse.com/security/cve/CVE-2023-25727.html
https://bugzilla.suse.com/1195017
https://bugzilla.suse.com/1195018
https://bugzilla.suse.com/1197036
https://bugzilla.suse.com/1208186
1
0
SUSE-SU-2023:0418-1: important: Security update for git
by opensuse-security@opensuse.org 15 Feb '23
by opensuse-security@opensuse.org 15 Feb '23
15 Feb '23
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0418-1
Rating: important
References: #1204455 #1204456 #1208027 #1208028
Cross-References: CVE-2022-39253 CVE-2022-39260 CVE-2023-22490
CVE-2023-23946
CVSS scores:
CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2023-22490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-22490 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2023-23946 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-23946 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for git fixes the following issues:
- CVE-2023-22490: Fixed incorrectly usable local clone optimization even
when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can
be overwritten as the user who is running "git apply" (bsc#1208028).
- CVE-2022-39260: Fixed overflow in `split_cmdline()`, leading to
arbitrary heap writes and remote code execution (bsc#1204456).
- CVE-2022-39253: Fixed dereference issue with symbolic links via the
`--local` clone mechanism (bsc#1204455).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-418=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-418=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-418=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-418=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-418=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-418=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-418=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2023-418=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.47.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE Enterprise Storage 7 (noarch):
git-doc-2.26.2-150000.47.1
- SUSE CaaS Platform 4.0 (x86_64):
git-2.26.2-150000.47.1
git-arch-2.26.2-150000.47.1
git-core-2.26.2-150000.47.1
git-core-debuginfo-2.26.2-150000.47.1
git-cvs-2.26.2-150000.47.1
git-daemon-2.26.2-150000.47.1
git-daemon-debuginfo-2.26.2-150000.47.1
git-debuginfo-2.26.2-150000.47.1
git-debugsource-2.26.2-150000.47.1
git-email-2.26.2-150000.47.1
git-gui-2.26.2-150000.47.1
git-svn-2.26.2-150000.47.1
git-svn-debuginfo-2.26.2-150000.47.1
git-web-2.26.2-150000.47.1
gitk-2.26.2-150000.47.1
- SUSE CaaS Platform 4.0 (noarch):
git-doc-2.26.2-150000.47.1
References:
https://www.suse.com/security/cve/CVE-2022-39253.html
https://www.suse.com/security/cve/CVE-2022-39260.html
https://www.suse.com/security/cve/CVE-2023-22490.html
https://www.suse.com/security/cve/CVE-2023-23946.html
https://bugzilla.suse.com/1204455
https://bugzilla.suse.com/1204456
https://bugzilla.suse.com/1208027
https://bugzilla.suse.com/1208028
1
0